Abstract. Petri nets are a well-known and intensively studied model of concurrency often used to
specify distributed or parallel systems. Vector addition systems with states are simply Petri nets
provided with control states. In this paper we introduce a natural partial order semantics for vector
addition systems with states which extends the process semantics of Petri nets. The addition of control
states to Petri nets leads to undecidable problems, namely the equality of two process languages given 
by two systems. However we show that basic problems about the set of markings reached along the 
processes of a VASS, such as boundedness, covering and reachability, can be reduced to the analogous 
problems for Petri nets. We show also how to check effectively any MSO property of these partial 
orders, provided that the system is bounded. This result generalizes known results and techniques 
for the model checking of compositional message sequence graphs. 


Introduction 


Consider a set of reactions that take place among a collection of particles such that each
reaction consumes a multiset of available particles and produces a linear combination of
other particle types. This kind of framework can be formalized by a vector addition system
[22] or, equivalently, a (pure) Petri net [30]. Consider in addition some control state which
determines whether a reaction can occur or not, and such that the occurrence of a reaction
leads to a possibly distinct control state. Then the model becomes formally a vector
addition system with states (a VASS), a notion introduced in [21]. It is well-known that
all these models are computationally equivalent, because they can simulate each other
[30, 33, 34]. More precisely any vector addition system with states over $n$ places can be
simulated by some vector addition system over $n + 3$ places [21]. These simulations do not
preserve strictly the set of reachable markings because they require additional places to
encode control states. Still they allow us to use techniques or tools designed for Petri nets
to check the properties of the set of reachable markings of a VASS. The addition of control
states to vector addition systems makes it easier to model and to analyse distributed or
parallel systems. For instance it is convenient to use a vector of control states to check the
structural properties of channels within a network of communicating finite state machines
[24].

The popular model of message sequence graphs (MSGs) can be regarded as a particular
case of VASSs where the only allowed reactions are the sending and the receipt of
one message from one site to another [2, 3, 13, 18, 26]. Then each sequence of reactions can
be described by a partial order of events called a message sequence chart (MSC). Each
MSC corresponds to several sequences of elementary actions which are equivalent up to
the reordering of independent events. Similarly each sequence of MSCs is equivalent to
several sequences of MSCs. Thus control states are used to focus on particular interleavings
of events in order to avoid the state explosion problem due to concurrency. However
there exists so far no way to regard an execution of a VASS as a partial order of events.
Consequently there is no means to apply techniques or tools for Petri nets to the analysis
of MSGs. The first contribution of this paper is the definition of a partial order semantics
for VASSs in such a way that the framework of MSGs can effectively be regarded as a
particular case of VASS.

Suggested by Petri in the restricted setting of condition/event systems [31], the process
semantics of a Petri net defines labeled occurrence nets as partially ordered sets of events
with non-branching conditions [4, 10, 16, 33, 37]. As opposed to the other classical partial-order
semantics based on step firing sequences [17, 23, 37], a process records all causal
dependencies between the events occurring along a run. We present in Section 1 a partial
order semantics for VASSs which extends the usual process semantics of Petri nets. The
approach is simple and natural. First we consider the set of firable computation sequences
of a VASS and second we define the processes that represent a given sequence. Then each
process describes some causal dependencies between events which are no longer linearly
ordered. This means that two reactions that appear one after the other in a computation
sequence can occur concurrently (that is, possibly in the reverse order) within a corresponding
process. This situation is usual when modeling asynchronous systems. In particular this
is similar to the way message sequence charts are derived from message sequence graphs
(see, e.g. [2, ?, 3]). Thus, control states represent abstract stages of computations used to
specify particular sets of reaction sequences: They do not appear formally in the process
semantics. In this way, message sequence graphs are embedded in the framework of VASSs.
However, one specific feature of the process semantics is that a computation sequence can
yield several non-isomorphic processes depending on the order in which identical particles are
consumed. Throughout this paper, we shall exhibit a few other facts which make clear that
the model of VASS is more general and more difficult to handle than MSGs.

It is easy to prove that checking the inclusion (or the equality) of two process languages
given by two VASSs is undecidable. The reason is that the equality and the inclusion
problems for rational Mazurkiewicz trace languages [7] are undecidable because the universality
problem is undecidable [35]. Moreover rational Mazurkiewicz trace languages can
be represented by MSGs [19] and MSGs are embedded into VASSs. This basic observation
illustrates the computational gap between Petri nets and VASSs under the process semantics
because these two problems are decidable for Petri nets, by means of a straightforward
reduction to the covering problem [11]. This shows also that the analysis of the partially
ordered executions of a VASS does not boil down to the verification of a Petri net in general,
in spite of the well-known simulation of a VASS by a Petri net. Synthesis problems
have been investigated for various models of concurrency: Asynchronous automata [7, 8, 38],
Petri nets [6, 9, 20, 28], communicating finite-state machines [2, 19], etc. They consist
mainly in characterizing which formal behaviours correspond to some class of concurrent
devices and in building such a device, if it exists, from its behavioural specification. We study in
Section 2 a natural synthesis problem: Given some VASS we ask whether its processes are
generated by some Petri net. We show that this problem is undecidable (even for bounded
systems) by means of a reduction to the universality problem for rational Mazurkiewicz
trace languages. However we present in the rest of this paper several techniques to check
properties of a VASS under the process semantics with the help of known algorithms and
tools.

A key verification problem for MSGs is to detect channel divergence, i.e. to decide
whether the number of pending messages along an execution is unbounded [2, ?, 3, 19].
This problem is NP-complete. An equivalent problem in the more general setting of VASSs 
is the prefix-boundedness problem. It consists in checking that the set of markings reached 
by prefixes of processes is finite. We present in Section 3 a technique to solve this problem 
by means of a new construction. We obtain that prefix-boundedness is computationally 
equivalent to the boundedness problem for Petri nets and requires exponential space [11]. 
This result exhibits an interesting complexity gap between MSGs and VASSs. It shows that 
algorithms to check properties of MSGs need to be revised in order to deal with the more 
expressive framework of VASSs. Other basic decision problems for the markings reached 
by prefixes are of course interesting. We show in particular that the reachability and the 
covering of a given marking by prefixes can be solved using the same technique. 

The model-checking problem for MSGs against monadic second-order logic (MSO) was 
investigated first in [25]. As opposed to earlier works [2], formulas are interpreted on the 
partially ordered scenarios accepted by the MSGs. This problem was proved decidable 
for the whole class of safe MSGs [26] (see also [13]). Each safe MSG can be regarded as 
a bounded VASS. However a safe MSG can describe an infinite set of markings because 
the reordering of events can produce an unbounded number of pending messages within 
channels: In other words, a safe MSG may be divergent. We present in Section 4 a technique 
to check effectively that all processes of a given bounded VASS satisfy a given MSO formula. 
We shall explain in detail why this result subsumes, but cannot be reduced to, previous
works on the model-checking of MSGs. 


1 Model and semantics 


The goal of this section is to extend the usual process semantics from Petri nets to VASSs. 
In order to avoid repetitive definitions we introduce the model of Petri nets with states 
as a minimal framework which includes both Petri nets and VASSs. Thus Petri nets are 
regarded as Petri nets with states provided with a single state whereas VASSs are simply 
Petri nets with states using pure transition rules only. Next we present the notions of
firable computation sequence, reachable marking, and (non-branching) process as simple 
generalizations of the classical definitions in the restricted setting of Petri nets. 

For simplicity's sake, for any mapping $\lambda : A \to B$ between two finite sets $A$ and $B$, we
shall denote also by $\lambda$ the natural mapping $\lambda : A^* \to B^*$ from words over $A$ to words over
$B$ and the mapping $\lambda : \mathbb{N}^A \to \mathbb{N}^B$ from multisets over $A$ to multisets over $B$ such that
$\lambda(\mu) = \sum_{a \in A} \mu(a) \cdot \lambda(a)$ for each multiset $\mu \in \mathbb{N}^A$. Moreover we will often identify a set $S$
with the multiset $\mu_S$ for which $\mu_S(x) = 1$ if $x \in S$ and $\mu_S(x) = 0$ otherwise.
Fig. 1. A PNS with two control states. Fig. 2. A labeled causal net and a prefix.


1.1 Petri net with states 


We borrow from the setting of Petri nets the abstract notion of places which can represent 
different kinds of components within a system: a local control state of a sequential process, a 
communication channel, a shared register, a particle type, a molecule in a chemical system, 
etc. We let P denote a finite set of places throughout this paper. As usual a multiset of 
places is called a marking and it is regarded as a distribution of tokens in places. Further 
we fix a finite set N of rule names. 

A transition rule (or a reaction) is a means to produce new tokens in some places by
consuming tokens in some other places. Formally a rule is a triple $r = (\lambda, \alpha, \beta)$ where $\lambda \in N$
is a rule name and $\alpha, \beta \in \mathbb{N}^P$ are markings called the guard and the update respectively.
Such a rule is denoted by $\lambda : \alpha \to \beta$. It means intuitively that a set of tokens $\alpha$ can be
consumed to produce a set of tokens $\beta$ in an atomic way. Different rules can share the
same guard $\alpha$ and the same update $\beta$. That is why we use here rule names to distinguish
between similar but distinct rules. For each rule $r = (\lambda, \alpha, \beta)$, we put ${}^\bullet r = \alpha$ and $r^\bullet = \beta$.


DEFINITION 1.1. A Petri net with states (for short: a PNS) over a set of rules $R$ is an
automaton $\mathcal{S} = (Q, \iota, \to, \mu_{in})$ where $Q$ is a finite set of states, with a distinguished initial
state $\iota \in Q$, $\to \subseteq Q \times R \times Q$ is a finite set of arcs labeled by rules, and $\mu_{in} \in \mathbb{N}^P$ is some
initial marking.


Let $\mathcal{S} = (Q, \iota, \to, \mu_{in})$ be a Petri net with states. A labeled arc $(q_1, r, q_2) \in \to$ will be
denoted by $q_1 \xrightarrow{r} q_2$. A rule sequence $s = r_1 \dots r_n \in R^*$ is called a computation sequence of
$\mathcal{S}$ if there are states $q_0, \dots, q_n \in Q$ such that $\iota = q_0$ and for each $i \in [1, n]$, $q_{i-1} \xrightarrow{r_i} q_i$. These
conditions will be summed up by the notation $\iota \xrightarrow{s} q_n$. For instance,
$(p : x \to x + z) \cdot (c : y + z \to y) \cdot (p : x \to x + z) \cdot (c : y + z \to y)$ is a computation sequence of the PNS with two
states depicted in Fig. 1. We denote by $CS(\mathcal{S})$ the set of all computation sequences of $\mathcal{S}$.
This language is obviously a regular and prefix-closed set of words over $R$. Conversely any
regular and prefix-closed language over a finite subset of rules is the set of computation
sequences of some PNS. Actually the partial order semantics we shall adopt considers PNSs
simply as a formal means to specify regular sets of rule sequences.

A rule sequence $s = r_1 \dots r_n \in R^*$ is firable from a marking $\mu$ if there are multisets of
places $\mu_0, \dots, \mu_n$ such that $\mu_0 = \mu$ and for each $k \in [1, n]$: $\mu_{k-1} \geq {}^\bullet r_k$ and $\mu_k = \mu_{k-1} - {}^\bullet r_k + r_k^\bullet$.
This means intuitively that each rule from $s$ can be applied from the marking $\mu$ in the
linear order specified by $s$: Each rule $r_k$ consumes ${}^\bullet r_k$ tokens from $\mu_{k-1}$ and produces $r_k^\bullet$
new tokens which yields the subsequent multiset $\mu_k$. Then we say that $\mu_n$ is reached by
the rule sequence $s$ from the marking $\mu$. We also say that $s$ leads to $\mu_n$. We denote by
$FCS(\mathcal{S})$ the set of all firable computation sequences of $\mathcal{S}$. A marking is reachable in $\mathcal{S}$ if it
is reached by a firable computation sequence of $\mathcal{S}$. A PNS is said to be bounded if the set
of its reachable markings is finite.


1.2 VASS, Petri net and causal net 


Originally introduced in [21], the notion of a vector addition system with states (for short:
a VASS) can be formally defined in several slightly different ways. In this paper, a VASS is
simply a PNS such that each rule $r$ labeling an arc is pure, which means that for all places
$p \in P$, ${}^\bullet r(p) \times r^\bullet(p) = 0$. This amounts to requiring that ${}^\bullet r(p) \geq 1$ implies $r^\bullet(p) = 0$ and
vice versa. For this reason each rule $r$ in a VASS can be represented by a vector $v \in \mathbb{Z}^P$
where $v(p) = r^\bullet(p) - {}^\bullet r(p)$ for all $p \in P$. We could also require that a VASS uses a single
rule name, i.e. for all rules $r_1, r_2 \in R$, $r_1^\bullet - {}^\bullet r_1 = r_2^\bullet - {}^\bullet r_2$ implies $r_1 = r_2$. In this way any
two similar rules must carry the same rule name. This restriction would have no effect on
the results presented in this paper.

We now explain why the well-known formalism of Petri nets can be identified with
particular PNSs provided with a single state.


DEFINITION 1.2. A Petri net is a quadruple $N = (P, T, W, \mu_{in})$ where


– $P$ is a finite set of places and $T$ is a finite set of transitions such that $P \cap T = \emptyset$;
– $W$ is a map from $(P \times T) \cup (T \times P)$ to $\mathbb{N}$, called the weight function;
– $\mu_{in}$ is a map from $P$ to $\mathbb{N}$, called the initial marking.


We shall depict Petri nets in the usual way as in Fig. 4: Black rectangles represent transitions
whereas circles represent places; moreover tokens in places describe the initial marking.
Given a Petri net $N = (P, T, W, \mu_{in})$ and a transition $t \in T$, ${}^\bullet t = \sum_{p \in P} W(p, t) \cdot p$ is
the pre-multiset of $t$ and $t^\bullet = \sum_{p \in P} W(t, p) \cdot p$ is the post-multiset of $t$. Similarly we put
${}^\bullet p = \sum_{t \in T} W(t, p) \cdot t$ and $p^\bullet = \sum_{t \in T} W(p, t) \cdot t$ for each place $p \in P$.

Let $N = (P, T, W, \mu_{in})$ be a Petri net. We will regard $N$ as a PNS $\mathcal{S}_N$ with the same
set of places $P$ and the same initial marking. Moreover $\mathcal{S}_N$ is provided with a single state
$\iota$ such that each transition $t \in T$ is represented by a self-loop labeled arc $\iota \xrightarrow{r} \iota$ where
$r = (t, {}^\bullet t, t^\bullet)$. In this way, the class of Petri nets is faithfully embedded into the subclass of
PNSs provided with a single state such that each transition carries a rule with a distinct
rule name. Conversely, take any PNS $\mathcal{S}$ with a single state $\iota$ such that each transition
carries a rule with a distinct rule name. The corresponding Petri net shares with $\mathcal{S}$ its set
of places and its initial marking. Moreover for each self-loop $\iota \xrightarrow{r} \iota$ it admits a transition
$t_r$ such that ${}^\bullet t_r = {}^\bullet r$ and $t_r^\bullet = r^\bullet$. For instance the PNS from Fig. 3 corresponds to the
Petri net from Fig. 4.

If the weight function $W$ takes only binary values then it is often described as a flow
relation $F \subseteq (P \times T) \cup (T \times P)$ where $(x, y) \in F$ if $W(x, y) = 1$. Further $F^+$ denotes the
transitive closure of $F$.
Fig. 3. A PNS with a single state. Fig. 4. The corresponding Petri net.


DEFINITION 1.3. [10, 37] A causal net is a Petri net $K = (B, E, F, \mu_{min})$ whose places
are called conditions, whose transitions are called events, and whose weight function takes
values in $\{0, 1\}$ and is represented by a flow relation $F \subseteq (B \times E) \cup (E \times B)$ which satisfies
the following requirements:


1. the net is acyclic, i.e. for all $x, y \in B \cup E$, $(x, y) \in F^+$ implies $(y, x) \notin F^+$.
2. the conditions do not branch, i.e. $|{}^\bullet b| \leq 1$ and $|b^\bullet| \leq 1$ for all $b \in B$.
3. $\mu_{min}(b) = 1$ if ${}^\bullet b = \emptyset$ and $\mu_{min}(b) = 0$ otherwise.


Note that the third requirement guarantees that the initial marking $\mu_{min}$ can be recovered
from the structure $(B, E, F)$ because it coincides with the set of minimal conditions. For
that reason causal nets are often defined as a triple $(B, E, F)$ satisfying the first two
conditions of Def. 1.3. In the literature causal nets are also called occurrence nets, see e.g.
[4, 14, 15, 16, 33]. However more general Petri nets are called occurrence nets in the theory
of partial unfolding or branching processes [10, 12, 29].

The transitive and reflexive closure $F^*$ of the flow relation $F$ in a causal net
$K = (B, E, F, \mu_{min})$ yields a partial order over the set of events $E$. A configuration is a subset
of events $H \subseteq E$ that is downwards closed, i.e. $e' F^* e$ and $e \in H$ imply $e' \in H$. Each
configuration $H$ defines a prefix causal net $K_H$ whose events are precisely the events from
$H$ and whose places consist of the minimal places of $K$ (with respect to the partial order
relation $F^*$) and all places related to some event from $H$. For instance Fig. 2 exhibits a
subset of a causal net (circled with a dotted line) that is a prefix of that causal net. For
each class of labeled causal nets $\mathcal{L}$, we denote by $\mathrm{Pref}(\mathcal{L})$ the class of all prefixes of all
labeled causal nets from $\mathcal{L}$.


1.3 Simulation of a VASS by a Petri net


Let us now recall how a $k$-dimensional VASS or more generally a PNS $\mathcal{S}$ with $k$ places can
be simulated by a Petri net $N$ with $k + n$ places, where $n$ is the number of states [34, 30]. The
usual construction is illustrated by Fig. 5 which shows on the left-hand side a PNS with 2
states ($\iota$ and $q$) and 3 places ($x$, $y$ and $z$) and on the right-hand side the corresponding Petri
net with 5 places: Each place from $\mathcal{S}$ and each state from $\mathcal{S}$ corresponds to a place from $N$.
The initial marking of $N$ describes the initial marking of $\mathcal{S}$ and some token is added in the
place corresponding to the initial state of $\mathcal{S}$. Moreover each arc $q_1 \xrightarrow{r} q_2$ in $\mathcal{S}$ is represented
by a transition in $N$. It is easy to see that there is a one-to-one correspondence between
the firable computation sequences of $\mathcal{S}$ and the firable rule sequences of $N$; moreover the
marking reached by $N$ describes the marking reached by $\mathcal{S}$ and the current state of $\mathcal{S}$.
This construction of $N$ from $\mathcal{S}$ is interesting because it enables us to analyse the set
of reachable markings of $\mathcal{S}$ by means of usual techniques from the Petri net literature (see
Fig. 5. Simulation of a PNS by a Petri net.


[11] for a survey). In particular the boundedness problem asks whether the set of reachable
markings is finite whereas the covering problem asks whether a given marking $\mu$ is covered
by some reachable marking $\mu'$, i.e. $\mu \leq \mu'$. These two problems are decidable (for Petri
nets and Petri nets with states) but they can require exponential space [32].
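The following Python program is added here as an illustration; it is not code from the paper. It implements the definitions of Section 1.1 (computation sequences, firability, the markings $\mu_0, \dots, \mu_n$ reached along a rule sequence) and the simulation construction of Section 1.3 on the PNS of Fig. 1 as this page describes it: rules $p : x \to x + z$ and $c : y + z \to y$ and initial marking $x + y$. The figure itself is not reproduced on the page, so the two arcs $\iota \xrightarrow{p} q$ and $q \xrightarrow{c} \iota$ are an assumption, and all function and variable names are the example's own. The breadth-first exploration of the simulating net decides boundedness and covering only when it exhausts the reachable markings, which it does for this bounded example; for unbounded nets the coverability techniques surveyed in [11] are needed instead.

```python
from collections import Counter, deque

# The PNS of Fig. 1 as far as the page describes it: places x, y, z, rules
# p : x -> x + z and c : y + z -> y, initial marking x + y, two control states.
# The arcs are an ASSUMPTION (the figure is not on the page): i -p-> q, q -c-> i.
RULES = {
    "p": (Counter({"x": 1}), Counter({"x": 1, "z": 1})),   # (guard •r, update r•)
    "c": (Counter({"y": 1, "z": 1}), Counter({"y": 1})),
}
ARCS = {("i", "p", "q"), ("q", "c", "i")}
INITIAL_STATE = "i"
MU_IN = Counter({"x": 1, "y": 1})


def is_computation_sequence(seq, arcs=ARCS, start=INITIAL_STATE):
    """True iff seq labels a path from the initial state in the control automaton."""
    states = {start}
    for name in seq:
        states = {q2 for (q1, r, q2) in arcs if q1 in states and r == name}
        if not states:
            return False
    return True


def fire(seq, mu=MU_IN, rules=RULES):
    """Markings mu_0, ..., mu_n along seq (Section 1.1), or None if some rule is
    not enabled: requires mu_{k-1} >= •r_k and sets mu_k = mu_{k-1} - •r_k + r_k•."""
    markings = [Counter(mu)]
    for name in seq:
        guard, update = rules[name]
        current = markings[-1]
        if any(current[p] < n for p, n in guard.items()):
            return None
        markings.append(current - guard + update)   # Counter ops drop zero entries
    return markings


def is_firable_computation_sequence(seq):
    return is_computation_sequence(seq) and fire(seq) is not None


def simulate(arcs=ARCS, rules=RULES, start=INITIAL_STATE, mu_in=MU_IN):
    """The Petri net of Section 1.3: one place per PNS place and per control state
    (names assumed disjoint) and one transition per arc q1 -r-> q2 that consumes
    •r plus the token of q1 and produces r• plus a token in q2.  Returns the
    transitions keyed by arc and the initial marking mu_in + one token in start."""
    transitions = {}
    for (q1, r, q2) in arcs:
        guard, update = rules[r]
        transitions[(q1, r, q2)] = (guard + Counter({q1: 1}), update + Counter({q2: 1}))
    return transitions, mu_in + Counter({start: 1})


def reachable_markings(transitions, m0, limit=10_000):
    """Breadth-first exploration of the simulating net.  Gives up and returns None
    after `limit` distinct markings so an unbounded net cannot loop forever."""
    seen = {frozenset(m0.items())}
    queue = deque([m0])
    while queue:
        m = queue.popleft()
        for guard, update in transitions.values():
            if all(m[p] >= n for p, n in guard.items()):
                m2 = m - guard + update
                key = frozenset(m2.items())
                if key not in seen:
                    if len(seen) >= limit:
                        return None
                    seen.add(key)
                    queue.append(m2)
    return [Counter(dict(k)) for k in seen]


def rule_can_occur(arc, transitions, m0):
    """Prop. 1.4 for nets the exploration exhausts: the rule on `arc` occurs in a
    firable computation sequence iff •t is covered by some reachable marking."""
    guard, _ = transitions[arc]
    reach = reachable_markings(transitions, m0)
    if reach is None:
        raise RuntimeError("exploration limit hit; use a coverability algorithm instead")
    return any(all(m[p] >= n for p, n in guard.items()) for m in reach)


if __name__ == "__main__":
    seq = ["p", "c", "p", "c"]
    print(is_firable_computation_sequence(seq), fire(seq)[-1])
    transitions, m0 = simulate()
    print(len(reachable_markings(transitions, m0)), "reachable markings in N")
```

Note that the sequence $p \cdot p$ is firable from $x + y$ but is not a computation sequence of the assumed automaton, which is exactly the distinction between firability and membership in $CS(\mathcal{S})$ that the simulating net encodes with its state places.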

The simulation of a PNS by a Petri net leads us to the next result. 


PROPOSITION 1.4. Let $\mathcal{S}$ be a PNS and $r$ be a rule attached to some arc of $\mathcal{S}$. We can
decide whether $r$ occurs in a firable computation sequence of $\mathcal{S}$.


Proof. We have recalled that there is a one-to-one correspondence between the firable
computation sequences of $\mathcal{S}$ and the firable computation sequences of $N$. The rule $r$ occurs
in a firable computation sequence of $\mathcal{S}$ if and only if a corresponding transition $t$ in $N$ occurs
in a firable transition sequence of $N$. This is equivalent to checking whether the marking
${}^\bullet t$ is covered by a reachable marking of $N$. As mentioned above this question is known to
be decidable. □


1.4 Process semantics of a PNS 


In this paper we are interested in a semantics of PNSs based on causal nets which is a
direct generalization of the process semantics of Petri nets [4, 10, 15, 16, 33, 37]. The process
semantics of Petri nets characterizes the labeled causal nets that describe an execution of
a given Petri net. We have already observed that each transition of a Petri net can be
regarded as a rule. For that reason we adopt a graphical representation of rules similar to
a transition of a Petri net, as depicted in Fig. 6. Given an initial multiset of places, each
firable computation sequence can be represented by a causal net, called a process, which
somehow glues together the representations of each rule. For instance the labeled causal
net $K$ from Fig. 2 depicts a process of the Petri net $N$ from Fig. 4 in which each condition
of $K$ is labeled by a place of $N$ and each event of $K$ is labeled by a transition of $N$.

The following definition explains how processes are derived from a given rule sequence. 
Next the processes of a PNS will be defined as the processes of its firable computation 
sequences (Def. 1.6). 


DEFINITION 1.5. A process of a rule sequence $s = r_1 \dots r_n \in R^*$ from a marking $\mu \in \mathbb{N}^P$
consists of a causal net $K = (B, E, F, \mu_{min})$ with $n$ events $e_1, \dots, e_n$ provided with a labeling
$\pi : B \cup E \to P \cup N$ such that the following conditions are satisfied:


1. $\pi(b) \in P$ for all $b \in B$, $\pi(e) \in N$ for all $e \in E$, and $\pi(\mu_{min}) = \mu$;
We denote by $[s]_\mu$ the class of all processes of $s$ from $\mu$.


In this definition the mapping $\pi$ denotes the labeling of $K$ and its natural extension to
multisets. The first condition asserts that the initial marking of the causal net describes
the marking $\mu$; moreover each condition is associated with some place and each event
corresponds to some rule name. The second condition requires that the label, the pre-set
and the post-set of each event coincide with the name, the guard and the update of
the corresponding rule. Finally the last property ensures that the total order of rules in
$s$ corresponds to an order extension of the partial order of events in $K$. Consequently
any subset of events $\{e_1, \dots, e_k\}$ is downwards closed. Moreover the prefix causal net $K'$
corresponding to the configuration $\{e_1, \dots, e_{n-1}\}$ is a process of the rule sequence $r_1 \dots r_{n-1}$
from the same marking $\mu$. Consequently the class of processes of a rule sequence could
also be defined inductively over its length, as we will see in Prop. 3.3. Furthermore it is
easy to see that the class of processes of a rule sequence is empty if and only if the rule
sequence is not firable from $\mu_{in}$.

Let $H$ be a configuration of a process $K = (B, E, F, \mu_{min}, \pi)$ of a rule sequence $s$ from
$\mu$. Let $B_{max}$ be the set of maximal conditions of the prefix $K_H$ w.r.t. $F^*$. Then the multiset
of places $\pi(B_{max})$ is called the marking reached by $K_H$ and we say that $K_H$ leads to the
marking $\pi(B_{max})$. Let $s_H$ be a linear extension of the events from $H$. Then it is clear that
the rule sequence $\pi(s_H)$ is firable from $\mu$ and leads to the marking $\pi(B_{max})$; moreover $K_H$
is a process of $\pi(s_H)$ from $\mu$.

Roughly speaking, any labeled causal net isomorphic to a process of $s$ is also a process
of $s$. In particular the class of processes of the empty rule sequence from some marking $\mu$
collects all labeled causal nets with no event and such that its set of labeled places represents
the multiset $\mu$. Further a rule sequence may give rise to multiple (non-isomorphic) causal
nets depending on the consumption of tokens by each event and the initial marking. For
instance the computation sequence $(p : x \to x + z) \cdot (c : y + z \to y) \cdot (p : x \to x + z) \cdot (c : y + z \to y)$
of the PNS from Fig. 1 corresponds to the causal net from Fig. 2. However if there are
$x + y + z$ tokens initially, then this computation sequence corresponds to the two labeled
causal nets from Fig. 7 among some others.


DEFINITION 1.6. Let $\mathcal{S}$ be a PNS with initial marking $\mu_{in}$. A process of $\mathcal{S}$ is a process of
a computation sequence of $\mathcal{S}$ from $\mu_{in}$. We let $[\mathcal{S}]$ denote the class of all processes of $\mathcal{S}$.
Thus $[\mathcal{S}] = \bigcup_{s \in CS(\mathcal{S})} [s]_{\mu_{in}}$. It is easy to check that the processes of a PNS provided with
a single state are precisely the processes of the corresponding Petri net w.r.t. the usual
process semantics [4, 15, 37]. Moreover any prefix of a process of $\mathcal{S}$ is a process of some
rule sequence. Consequently the class of processes of a Petri net is closed under prefixes.
However the set of processes of a PNS need not be prefix-closed in general, as the next
example shows.


EXAMPLE 1.7. Consider the PNS from Fig. 1 with initial marking x + y and its process 
depicted in Fig. 2. Clearly the prefix of this process circled with the dotted line in Fig. 2 
is not a process of that PNS. 


A PNS is said to be prefix-bounded if the set of markings reached by prefixes is finite. 
Clearly any prefix-bounded PNS is bounded. The converse property does not hold in gen- 
eral. Continuing Example 1.7, each process of the PNS from Fig. 1 leads to a marking with 
at most 3 tokens whereas prefixes of these processes lead to infinitely many distinct mark- 
ings (see in Fig. 2 a prefix of a process which leads to a marking with 4 tokens). However 
we stress that each bounded Petri net is prefix-bounded because its class of processes is 
prefix-closed. 
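As an added worked example (not code from the paper), the Python program below builds a process of a rule sequence in the sense of Def. 1.5, tests whether a set of events is a configuration, and computes the marking reached by the prefix $K_H$ as $\pi(B_{max})$. It uses the rules of Fig. 1 and reproduces the situation of Example 1.7 and the prefix-boundedness remark above: in the process of $p \cdot c \cdot p \cdot c$ from $x + y$, the configuration $\{e_1, e_3\}$ (both $p$ events and neither $c$ event) is a prefix leading to $x + y + 2z$, a marking with 4 tokens, although $p \cdot p$ is not a computation sequence of the PNS. The identifiers (`build_process`, `is_configuration`, `marking_reached`) and the policy of consuming the oldest available token of a place first are the example's own assumptions; a different consumption policy yields a different, possibly non-isomorphic, process, as the paper notes.

```python
from collections import defaultdict

# Rules of the PNS from Fig. 1 as (guard, update): p : x -> x + z and c : y + z -> y.
RULES = {
    "p": ({"x": 1}, {"x": 1, "z": 1}),
    "c": ({"y": 1, "z": 1}, {"y": 1}),
}


def build_process(seq, mu, rules=RULES):
    """Construct one process (Def. 1.5) of the rule sequence seq from marking mu.

    Returns (conditions, events, flow): conditions maps a condition id to its place
    label pi(b), events maps an event id to its rule name pi(e), and flow is the flow
    relation F as a set of (x, y) pairs.  Condition ids start with "b", event ids
    with "e".  When several unconsumed conditions carry the same place, the oldest
    one is consumed (an assumption; other choices give other processes)."""
    conditions, events, flow = {}, {}, set()
    pool = defaultdict(list)    # place -> unconsumed conditions, oldest first
    fresh = [0]

    def new_condition(place):
        cid = f"b{fresh[0]}"
        fresh[0] += 1
        conditions[cid] = place
        pool[place].append(cid)
        return cid

    for place, n in mu.items():         # condition 1 of Def. 1.5: pi(mu_min) = mu
        for _ in range(n):
            new_condition(place)
    for k, name in enumerate(seq, 1):
        guard, update = rules[name]
        eid = f"e{k}"
        events[eid] = name
        for place, n in guard.items():      # pre-set of e_k labeled by the guard of r_k
            for _ in range(n):
                if not pool[place]:
                    raise ValueError(f"rule {name} at position {k} is not firable: no {place} token")
                flow.add((pool[place].pop(0), eid))
        for place, n in update.items():     # post-set of e_k labeled by the update of r_k
            for _ in range(n):
                flow.add((eid, new_condition(place)))
    return conditions, events, flow


def is_configuration(events, flow, H):
    """H is downwards closed for F*: the event that produced any condition consumed
    by a member of H is itself in H.  Checked for every member, this closes H
    transitively, since each producer found is again a member."""
    producer = {b: e for (e, b) in flow if e in events}
    for e in H:
        for (b, consumer) in flow:
            if consumer == e and b in producer and producer[b] not in H:
                return False
    return True


def marking_reached(conditions, flow, H):
    """Marking reached by the prefix K_H, i.e. the labels of its maximal conditions:
    the initial conditions plus those produced by H, minus those consumed by H."""
    initial = {b for b in conditions if not any(y == b for (_, y) in flow)}
    produced = {y for (x, y) in flow if x in H}
    consumed = {x for (x, y) in flow if y in H}
    marking = defaultdict(int)
    for b in (initial | produced) - consumed:
        marking[conditions[b]] += 1
    return dict(marking)


def token_count(marking):
    return sum(marking.values())


if __name__ == "__main__":
    conditions, events, flow = build_process(["p", "c", "p", "c"], {"x": 1, "y": 1})
    prefix = {"e1", "e3"}   # both p events, neither c event: a 4-token prefix as in Fig. 2
    print(is_configuration(events, flow, prefix), marking_reached(conditions, flow, prefix))
    print(marking_reached(conditions, flow, set(events)))
```

The full configuration leads back to $x + y$, while $\{e_2\}$ is rejected because $e_2$ consumes the $z$ condition produced by $e_1$; these are the two sides of the observation that a bounded PNS need not be prefix-bounded.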

Note that the simulation of a PNS by a Petri net considered in Subsection 1.3 is not
faithful from the partial order point of view we adopt here. Consider again Figure 5. The
processes of the PNS $\mathcal{S}$ (with three places) on the left-hand side differ from the processes
of the Petri net $N$ (with five places) on the right-hand side. In Section 3 we introduce a
simulation of a PNS by another PNS that allows us to analyse the set of markings reached
along the prefixes of the processes of a given PNS.


1.5 From compositional MSGs to PNSs 


The formalism of compositional message sequence graphs (cMSGs) was introduced in [18]
in order to strengthen the expressive power of MSGs and to provide an algebraic framework
for the whole class of regular sets of MSCs [19]. As opposed to usual MSGs, cMSGs are
built from component MSCs in which unmatched send or receive events are allowed. It was
argued in [18] that simple protocols such as the alternating bit protocol can be described
by cMSGs but not by MSGs. Unsurprisingly, cMSGs can be regarded as a particular case
of VASS under the process semantics.

Consider a distributed system consisting of a set $I$ of sites and a set $K$ of communication
channels between pairs of sites. The behaviour of such a system can be specified by a PNS
over the set $P = I \cup K$ of places such that the sending of a message from site $i$ to site
$j$ within the channel $k_{i,j}$ from $i$ to $j$ is encoded by a rule $i \to i + k_{i,j}$ and the receipt of
such a message is encoded by a rule $j + k_{i,j} \to j$. Then we require that the initial marking
(and each reachable marking) contains a single token in each place $i \in I$ so that all
events on a given site are linearly ordered. Such a PNS can actually be regarded as a
compositional message sequence graph. The partial order semantics of cMSGs consists of
message sequence charts which are simply a partial order of events obtained from a process
by removing all conditions.
EXAMPLE 1.8. The PNS from Figure 8 describes a simplified sliding window protocol
used to transmit data from a server $i$ to a client $j$. The maximal number of missing
acknowledgments is specified by the $n$ initial tokens in the place $w$ (the window). The
system behaviour consists of three basic steps.


1. The server sends new data, formalized by a token $d$, if some token $w$ is available: It
consumes first a $w$ token: $i + w \to i$ and next sends the new data: $i \to i + d$.

2. The client receives data and returns an acknowledgment formalized by a token $a$: It
consumes first the data: $j + d \to j$ and next produces the ack: $j \to j + a$.

3. The server receives an acknowledgment and increments the window size: First the ack
is consumed: $i + a \to i$ and then a new token $w$ is released: $i \to i + w$.


A typical process of this system with $n = 1$ is depicted in Figure 9. It is clear that this
system is bounded and even prefix-bounded.


Since local variables are prohibited in MSGs, the size of any safe cMSG equivalent to the
PNS from the above example is exponential in the size of $n$. Thus a bounded PNS can be
exponentially more concise than an equivalent safe cMSG. If this protocol starts with an
initial window size of $n = 2^k$ (that is, $2^k$ tokens in $w$), then any safe cMSG describing the
same class of processes needs $2^k$ distinct states.


2 Checking inclusion properties 


A classical issue in concurrency theory consists in characterizing the expressive power of 
a model. Then a usual problem is the synthesis of a system from its behavioural specifi- 
cation. In this section we consider Petri nets with states as a means to specify concurrent 
behaviours in the form of processes. We tackle the problem of building a Petri net equiva- 
lent to some given Petri net with states. Two classes of specifications are studied according 
to the notion of equivalence we adopt. 


DEFINITION 2.1. A Petri net with states $\mathcal{S}$ is realizable (resp. prefix-realizable) if there is
some Petri net $N$ such that $[\mathcal{S}] = [N]$ (resp. $\mathrm{Pref}([\mathcal{S}]) = [N]$).


Note that the Petri net with states $\mathcal{S}$ from Figure 1 is not realizable because the set
of processes it accepts is not prefix-closed (Example 1.7) whereas the set of processes
recognized by any Petri net is prefix-closed. However $\mathcal{S}$ is prefix-realizable because the
prefixes of its processes are precisely the processes of the Petri net with states provided
with a single state depicted in Fig. 3 (i.e. the Petri net from Fig. 4). The next example
exhibits a Petri net with states that is not prefix-realizable.


EXAMPLE 2.2. Consider the PNS $\mathcal{S}$ from Figure 10. Any Petri net $N$ such that
$[N] = \mathrm{Pref}([\mathcal{S}])$ would accept the causal net $K$ from Figure 11 as a process. However $K$ is obviously
not the prefix of some process from $\mathcal{S}$. Therefore $\mathcal{S}$ is not prefix-realizable.


Although realizability appears to be the simplest problem to consider, we claim that prefix- 
realizability is also a natural issue because the processes of a Petri net are prefix-closed. 
Further considering prefixes is often a means to focus on deadlock-free implementations of 
systems provided with a notion of accepting states. The next basic observation exhibits a 
canonical candidate for the synthesis of a Petri net from a Petri net with states. 


PROPOSITION 2.3. Let $\mathcal{S}_1$ be a Petri net with states and $R_1$ be the subset of rules occurring
in some firable computation sequence of $\mathcal{S}_1$. Let $\mathcal{S}_2$ be the PNS provided with a single state
and the same initial marking as $\mathcal{S}_1$ such that a rule occurs on a self-loop in $\mathcal{S}_2$ if and only
if it belongs to $R_1$. Then


1. $\mathcal{S}_1$ is realizable if and only if $[\mathcal{S}_1] = [\mathcal{S}_2]$.
2. $\mathcal{S}_1$ is prefix-realizable if and only if $\mathrm{Pref}([\mathcal{S}_1]) = [\mathcal{S}_2]$.


Proof. Assume first that $\mathcal{S}_1$ is not prefix-realizable. Then $\mathrm{Pref}([\mathcal{S}_1]) \neq [\mathcal{S}_2]$ because $\mathcal{S}_2$ is
equivalent to a Petri net. Assume now that $\mathcal{S}_1$ is prefix-realizable. Then there exists some
PNS $\mathcal{S}'$ with a single state such that $\mathrm{Pref}([\mathcal{S}_1]) = [\mathcal{S}']$. Any rule from $R_1$ occurs in some
process of $\mathcal{S}_1$, so it must occur in some process of $\mathcal{S}'$: Therefore it occurs on a self-loop
in $\mathcal{S}'$. Any other rule occurring on a self-loop in $\mathcal{S}'$ cannot occur in a firable computation
sequence. Therefore we can remove it from $\mathcal{S}'$ without affecting the set of processes of $\mathcal{S}'$.
In other words we can assume $\mathcal{S}' = \mathcal{S}_2$. A similar argument holds for realizability. □

Note that $R_1$ can be computed from $\mathcal{S}_1$ (Prop. 1.4). Clearly $\mathrm{Pref}([\mathcal{S}_1]) \subseteq [\mathcal{S}_2]$. Thus the
difference between the specification $\mathcal{S}_1$ and the canonical implementation $\mathcal{S}_2$ stems from
processes built on rules of $\mathcal{S}_1$ that are not represented by some computation sequence of
$\mathcal{S}_1$. This situation is similar to the notion of an implied scenario in the setting of realizable
high-level message sequence charts [1].
2.1 An undecidable problem with Mazurkiewicz traces

The undecidability results presented in this section rely on the universality problem in the setting of Mazurkiewicz trace theory [7], which we recall now. Let $\Sigma$ be some finite alphabet of actions. The concurrency of a distributed system is often represented by an independence relation over $\Sigma$, that is a binary, symmetric and irreflexive relation $\| \subseteq \Sigma \times \Sigma$. The pair $(\Sigma, \|)$ is then called an independence alphabet. The associated trace equivalence is the least congruence $\sim$ over $\Sigma^*$ such that $a \| b$ implies $ab \sim ba$ for all $a, b \in \Sigma$. We let $[u]$ denote the trace equivalence class of a word $u \in \Sigma^*$ and we put $[L] = \bigcup_{u \in L} [u]$ for any language $L \subseteq \Sigma^*$.


THEOREM 2.4. [36, Theorem IV.4.3] It is undecidable whether $[L] = \Sigma^*$ for a given independence alphabet $(\Sigma, \|)$ and a given regular language $L \subseteq \Sigma^*$.


Since we have not provided the model of VASS with the notion of accepting states, we need the slightly stronger but immediate next statement.


COROLLARY 2.5. It is undecidable whether $[L] = \Sigma^*$ for a given independence alphabet $(\Sigma, \|)$ and a given regular and prefix-closed language $L \subseteq \Sigma^*$.


Proof. We proceed by contradiction. We assume that this problem is decidable and show that the problem from Theorem 2.4 becomes decidable. Let $(\Sigma, \|)$ be some independence alphabet and $L \subseteq \Sigma^*$ be some regular language. We consider some additional letter $\bot$ and the new alphabet $\Gamma = \Sigma \cup \{\bot\}$ provided with the same independence relation: the new letter $\bot$ is dependent on all letters from $\Sigma$. Let $L' = \mathrm{Pref}(L) \cup (L \cdot \{\bot\} \cdot \Gamma^*)$. It is clear that $L'$ is regular and prefix-closed. Moreover $L \subseteq L'$. To conclude the proof we check that $[L'] = \Gamma^*$ if and only if $[L] = \Sigma^*$.

Assume first that $[L] = \Sigma^*$. It is clear that $[L'] \subseteq \Gamma^*$. Let $v \in \Gamma^*$. We distinguish two cases. If $v \in \Sigma^*$ then $v \sim u$ for some $u \in L \subseteq L'$. If $v \notin \Sigma^*$ then $v = v_0 . \bot . v_1$ with $v_0 \in \Sigma^*$ and $v_1 \in \Gamma^*$. Furthermore $v_0 \sim u_0$ for some $u_0 \in L$. It follows that $v \sim u_0 . \bot . v_1$ and $u_0 . \bot . v_1 \in L'$. In both cases we get $v \in [u]$ for some $u \in L'$. Hence $[L'] = \Gamma^*$.

Conversely assume now that $\Gamma^* = [L']$ and consider $v \in \Sigma^*$. Then $v . \bot \in \Gamma^*$, so there exists some $u \in L'$ such that $v . \bot \sim u$. Then $u = u_0 . \bot$ for some $u_0 \in \Gamma^*$ because $\bot$ is dependent on all letters. Moreover $v \sim u_0$ (because the trace equivalence is right-cancellative) and $u_0 \in \Sigma^*$ (because the trace equivalence is a Parikh equivalence, $u_0$ contains no occurrence of $\bot$). Since $u_0 . \bot \in L'$ contains the letter $\bot$, it belongs to $L \cdot \{\bot\} \cdot \Gamma^*$, hence $u_0 \in L$. Thus $v \in [L]$ and $[L] = \Sigma^*$. □


COROLLARY 2.6. Let $(\Sigma, \|)$ be an independence alphabet. It is undecidable whether $[L_1] \subseteq [L_2]$ for two given regular and prefix-closed languages $L_1, L_2 \subseteq \Sigma^*$.

Proof. Consider $L_1 = \Sigma^*$ and apply Cor. 2.5. □

In the sequel of this section, we present a natural encoding of Mazurkiewicz traces in the form of causal nets. Then each prefix-closed rational Mazurkiewicz trace language can be represented by a prefix-bounded PNS. As a consequence the inclusion relation $[\mathcal{S}_1] \subseteq [\mathcal{S}_2]$ is undecidable for two given prefix-bounded PNSs $\mathcal{S}_1$ and $\mathcal{S}_2$.

Fig. 12. Some process corresponding to the rule sequence $\rho(abcab)$ with $a \| b$


2.2 From Mazurkiewicz traces to processes 


Let $(\Sigma, \|)$ be a fixed independence alphabet. We consider a finite set of places $P$ and some mapping $\mathrm{Loc} : \Sigma \to 2^P$ such that $a \| b$ iff $\mathrm{Loc}(a) \cap \mathrm{Loc}(b) = \emptyset$. There are several ways to find such a set $P$ together with the location mapping $\mathrm{Loc}$, one of which is to consider any subset $\{a, b\} \subseteq \Sigma$ to be a place whenever $a$ and $b$ are dependent (this includes the singletons $\{a\}$, since $\|$ is irreflexive) and to put $\mathrm{Loc}(a) = \{p \in P \mid a \in p\}$. We assume that each place $p \in P$ occurs in some location $\mathrm{Loc}(a)$ of some action $a \in \Sigma$. We take $\Sigma$ as the set of rule names and put $R_\Sigma = \{(a, \alpha, \alpha) \in R \mid \alpha = \mathrm{Loc}(a)\}$ and $\mu_{\mathrm{in}} = P$. Note that there is exactly one rule $(a, \mathrm{Loc}(a), \mathrm{Loc}(a)) \in R_\Sigma$ for each action $a \in \Sigma$. Moreover these rules are synchronisation rules according to the next definition.


DEFINITION 2.7. A rule $r = (a, \alpha, \beta)$ is a synchronisation rule if $\alpha = \beta$ and $\alpha(m) \le 1$ for each $m \in P$.


We consider the mapping $\rho : \Sigma \to R_\Sigma$ such that $\rho(a) = (a, \mathrm{Loc}(a), \mathrm{Loc}(a))$. This bijection extends naturally to a mapping between words over $\Sigma$ and words over $R_\Sigma$.


EXAMPLE 2.8. Let $\Sigma = \{a, b, c\}$ provided with the independence relation $a \| b$. We consider $P = \{x, y\}$ together with $\mathrm{Loc}(a) = \{x\}$, $\mathrm{Loc}(b) = \{y\}$ and $\mathrm{Loc}(c) = \{x, y\}$. Figure 12 depicts some process corresponding to the rule sequence $\rho(abcab)$.


Note that for any word $u \in \Sigma^*$ the rule sequence $\rho(u)$ is firable from $\mu_{\mathrm{in}}$ and leads back to the marking $\mu_{\mathrm{in}}$. It follows from Prop. 3.3 that all processes from $[\rho(u)]_{\mu_{\mathrm{in}}}$ are isomorphic to each other, i.e. there is intuitively only one process for $\rho(u)$ from $\mu_{\mathrm{in}}$.

The next result asserts that trace equivalent words give rise to the same processes. Conversely, if two words correspond to the same processes, then these two words are trace equivalent. In this way equivalence classes of words are identified with processes. This property is actually similar to the well-known fact that trace equivalence classes of words can be represented by particular labeled partial orders.


LEMMA 2.9. For all $u, v \in \Sigma^*$: $u \sim v$ if and only if $[\rho(u)]_{\mu_{\mathrm{in}}} = [\rho(v)]_{\mu_{\mathrm{in}}}$.


Proof. Let $u \in \Sigma^*$ and $a, b \in \Sigma$ such that $a \neq b$. If $u.ab \sim u.ba$ then $a \| b$, $\mathrm{Loc}(a) \cap \mathrm{Loc}(b) = \emptyset$, and $[\rho(u.ab)]_{\mu_{\mathrm{in}}} = [\rho(u.ba)]_{\mu_{\mathrm{in}}}$ by Prop. 3.3. Therefore $u \sim v$ implies $[\rho(u)]_{\mu_{\mathrm{in}}} = [\rho(v)]_{\mu_{\mathrm{in}}}$ for all $u, v \in \Sigma^*$ (again with the help of Prop. 3.3). To prove the converse property, we proceed by induction over the length of $u$. The base case is trivial. We consider $u, v \in \Sigma^*$ of length $n+1$ such that $[\rho(u)]_{\mu_{\mathrm{in}}} = [\rho(v)]_{\mu_{\mathrm{in}}}$. We distinguish two cases:

1. $u = u'.a$ and $v = v'.a$ for some $u', v' \in \Sigma^*$ and $a \in \Sigma$. We have $\rho(u) = \rho(u').\rho(a)$ and $\rho(v) = \rho(v').\rho(a)$. By Prop. 3.3 we have $[\rho(u')]_{\mu_{\mathrm{in}}} = [\rho(v')]_{\mu_{\mathrm{in}}}$. It follows from the induction hypothesis that $u' \sim v'$, hence $u'.a \sim v'.a$.

2. $u = u'.a$ and $v = v'.b$ for some $u', v' \in \Sigma^*$ and $a, b \in \Sigma$ with $a \neq b$. We have $\rho(u) = \rho(u').\rho(a)$ and $\rho(v) = \rho(v').\rho(b)$ with $\rho(a) \neq \rho(b)$. Then any labeled causal net $K$ from $[\rho(u)]_{\mu_{\mathrm{in}}} = [\rho(v)]_{\mu_{\mathrm{in}}}$ includes two maximal events $e_a$ and $e_b$ labeled by $a$ and $b$ respectively. It follows that $a \| b$. Let $K'$ be the prefix of $K$ obtained by erasing the two maximal events $e_a$ and $e_b$. We consider a linear extension $w'$ of the $\Sigma$-labeled events from $K'$. Then $K'$ is the process from $[\rho(w')]_{\mu_{\mathrm{in}}}$. Moreover $[\rho(w'.a)]_{\mu_{\mathrm{in}}} = [\rho(v')]_{\mu_{\mathrm{in}}}$ and $[\rho(w'.b)]_{\mu_{\mathrm{in}}} = [\rho(u')]_{\mu_{\mathrm{in}}}$. By the induction hypothesis, we get $w'.a \sim v'$ and $w'.b \sim u'$. On the other hand $w'.ab \sim w'.ba$ because $a \| b$. Hence $u = u'.a \sim w'.ba \sim w'.ab \sim v'.b = v$. □
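The following Python program is an added illustration of the encoding above and of Lemma 2.9; it is not part of the original paper, and its function names (build_places, process_of, canonical, foata_normal_form, check_lemma_2_9) are ours. It builds the process of $\rho(u)$ from the marking $P$ as an explicit causal net, reduces it to an isomorphism invariant (the label sequence on the token chain of each place), and compares the outcome with an independent decision procedure for $u \sim v$, the Cartier-Foata normal form. The sample alphabet and location mapping are those of Example 2.8.

```python
"""Trace-to-process encoding of Section 2.2 and a check of Lemma 2.9.

Added example, not code from the paper.  build_places realises the
construction "one place {a, b} per dependent pair"; process_of builds the
unique process of rho(u) from the marking P; canonical() turns a process into
an isomorphism invariant.  foata_normal_form() decides u ~ v without the net,
so the two sides of Lemma 2.9 are computed independently.  All names and the
sample alphabet are our own."""
from itertools import combinations


def build_places(sigma, indep):
    """Places and Loc as in Section 2.2.  indep is a set of unordered pairs
    (a, b) with a || b; every pair of dependent letters, including a with
    itself (|| is irreflexive), becomes one place.  Returns (places, loc) with
    a || b  iff  loc[a] and loc[b] are disjoint."""
    indep = {frozenset(p) for p in indep}
    places = [tuple(sorted(p)) for p in combinations(sorted(sigma), 2)
              if frozenset(p) not in indep]
    places += [(a,) for a in sorted(sigma)]
    loc = {a: frozenset(p for p in places if a in p) for a in sigma}
    return places, loc


def process_of(word, loc):
    """Process of rho(word) from the initial marking P (one token per place).
    Conditions are (place, k): the k-th token carried by that place (k = 0 is
    the initial one).  Event i with letter a consumes the current condition of
    every place in Loc(a) and produces the next one, exactly as the rule
    (a, Loc(a), Loc(a)) does.  Returns (events, edges) of the causal net."""
    height = {p: 0 for p in set().union(*loc.values())}
    events, edges = [], []
    for i, a in enumerate(word):
        e = (i, a)
        events.append(e)
        for p in sorted(loc[a]):
            edges.append(((p, height[p]), e))      # condition consumed by e
            height[p] += 1
            edges.append((e, (p, height[p])))      # condition produced by e
    return events, edges


def canonical(edges):
    """Isomorphism invariant of a process built by process_of: for every place,
    the labels of the events on its token chain, in chain order.  Two such
    nets are isomorphic iff these chains coincide (the j-th a-event is the
    j-th a on every chain of Loc(a))."""
    chains = {}
    for src, dst in edges:
        if isinstance(src[1], int):              # src is a condition (place, k)
            p, k = src
            chains.setdefault(p, []).append((k, dst[1]))
    return {p: tuple(label for _, label in sorted(ch)) for p, ch in chains.items()}


def foata_normal_form(word, indep):
    """Cartier-Foata normal form: the k-th step is the set of letters whose
    longest chain of pairwise dependent letters ending at them (reading left
    to right) has length k.  u ~ v iff the normal forms coincide."""
    indep = {frozenset(p) for p in indep}
    level = []
    for i, a in enumerate(word):
        preds = [level[j] for j in range(i) if frozenset({word[j], a}) not in indep]
        level.append(1 + max(preds, default=0))
    steps = {}
    for a, k in zip(word, level):
        steps.setdefault(k, []).append(a)
    return tuple(tuple(sorted(steps[k])) for k in sorted(steps))


def trace_equivalent(u, v, indep):
    return foata_normal_form(u, indep) == foata_normal_form(v, indep)


def same_process(u, v, loc):
    """[rho(u)]_mu_in == [rho(v)]_mu_in, compared through canonical()."""
    return canonical(process_of(u, loc)[1]) == canonical(process_of(v, loc)[1])


# Constructed sample: Example 2.8, Sigma = {a, b, c} with a || b and the
# location mapping of Fig. 12 (Loc(a) = {x}, Loc(b) = {y}, Loc(c) = {x, y}).
INDEP = {("a", "b")}
LOC = {"a": {"x"}, "b": {"y"}, "c": {"x", "y"}}


def check_lemma_2_9(words, indep=INDEP, loc=LOC):
    """Lemma 2.9 on a finite sample: returns the pairs (u, v) on which
    'u ~ v' and 'same process' disagree; the expected answer is []."""
    return [(u, v) for u in words for v in words
            if trace_equivalent(u, v, indep) != same_process(u, v, loc)]


if __name__ == "__main__":
    print(canonical(process_of("abcab", LOC)[1]))   # the two chains of Fig. 12
    print(check_lemma_2_9(["abcab", "bacab", "abcba", "acbab", "ab", "ba", "cab"]))
```

For the location mapping of Example 2.8 the chain of $x$ is the projection of $u$ onto $\{a, c\}$ and the chain of $y$ its projection onto $\{b, c\}$, so the comparison performed by canonical() is the classical projection criterion for trace equivalence, which is why the two sides of the lemma agree on every pair.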
We consider at present a regular and prefix-closed language $L \subseteq \Sigma^*$ and a finite automaton $\mathcal{A}(L) = (Q, \iota, \to_{\mathcal{A}(L)})$ whose states are all accepting and which recognizes $L$. We may assume that each state of $\mathcal{A}(L)$ is reachable from the initial state and that each action of $\Sigma$ appears on some labeled arc of $\mathcal{A}(L)$. We build from the automaton $\mathcal{A}(L)$ the PNS $\mathcal{S}(L) = (Q, \iota, \to_{\mathcal{S}(L)}, \mu_{\mathrm{in}})$ with the same set of states $Q$, the same initial state $\iota \in Q$ and such that for each rule $r = (a, \alpha, \alpha) \in R_\Sigma$ and all states $q_1, q_2 \in Q$, there is a labeled arc $q_1 \xrightarrow{r}_{\mathcal{S}(L)} q_2$ if $q_1 \xrightarrow{a}_{\mathcal{A}(L)} q_2$. Observe here that the multiset of tokens is left unchanged by each rule. Consequently the set of markings reached by prefixes of $[\mathcal{S}(L)]$ is finite, i.e. the PNS $\mathcal{S}(L)$ is prefix-bounded. For any two regular and prefix-closed languages $L_1, L_2 \subseteq \Sigma^*$, Lemma 2.9 shows that $[L_1] \subseteq [L_2]$ if and only if $[\mathcal{S}(L_1)] \subseteq [\mathcal{S}(L_2)]$. Thus the property $[\mathcal{S}_1] \subseteq [\mathcal{S}_2]$ is undecidable for two given prefix-bounded PNSs $\mathcal{S}_1$ and $\mathcal{S}_2$ (Cor. 2.6). We can strengthen this observation by the next statement.


THEOREM 2.10. The property $[N] \subseteq [\mathcal{S}]$ is undecidable for a prefix-bounded PNS $\mathcal{S}$ and a bounded Petri net $N$.


Proof. Let $L \subseteq \Sigma^*$ be a regular and prefix-closed language and $\mathcal{S}(L)$ be the corresponding PNS. Let $N(L)$ be the Petri net collecting all rules $R_\Sigma$ of $\mathcal{S}(L)$, with initial marking $\mu_{\mathrm{in}}$. Then $[N(L)] = [R_\Sigma^*]_{\mu_{\mathrm{in}}}$. Since $[\mathcal{S}(L)] \subseteq [N(L)]$ holds by construction, the inclusion $[N(L)] \subseteq [\mathcal{S}(L)]$ amounts to the equality $[\mathcal{S}(L)] = [R_\Sigma^*]_{\mu_{\mathrm{in}}}$, and we check that $[\mathcal{S}(L)] = [R_\Sigma^*]_{\mu_{\mathrm{in}}}$ if and only if $[L] = \Sigma^*$, which is undecidable by Cor. 2.5.

Assume first that $[\mathcal{S}(L)] = [R_\Sigma^*]_{\mu_{\mathrm{in}}}$. Let $u \in \Sigma^*$. We have $[\rho(u)]_{\mu_{\mathrm{in}}} = [w]_{\mu_{\mathrm{in}}}$ for some $w \in \mathrm{CS}(\mathcal{S}(L))$. Let $v = \rho^{-1}(w)$. Clearly $v \in L$. Since $[\rho(u)]_{\mu_{\mathrm{in}}} = [\rho(v)]_{\mu_{\mathrm{in}}}$ we get $u \sim v$ by Lemma 2.9. Hence $\Sigma^* = [L]$.

Assume now that $[L] = \Sigma^*$. Let $w \in R_\Sigma^*$. We have $\rho^{-1}(w) \in \Sigma^*$. Then $\rho^{-1}(w) \sim u$ for some $u \in L$. It follows from Lemma 2.9 that $[w]_{\mu_{\mathrm{in}}} = [\rho(u)]_{\mu_{\mathrm{in}}}$. Moreover $\rho(u) \in \mathrm{CS}(\mathcal{S}(L))$. Therefore $[R_\Sigma^*]_{\mu_{\mathrm{in}}} = [\mathrm{CS}(\mathcal{S}(L))]_{\mu_{\mathrm{in}}} = [\mathcal{S}(L)]$. □

By means of a slightly more involved encoding of Mazurkiewicz traces, we show in the next section that Theorem 2.10 holds also if $\mathcal{S}$ is a prefix-bounded VASS.


2.3 Gap between VASS and Petri nets


At present we focus on the subclass of vector addition systems with states, i.e. Petri nets with states with pure rules only. So far no rule from $R_\Sigma$ is pure, so the processes obtained from $R_\Sigma$ cannot be described by a VASS. For this reason we have to use a slightly more involved encoding of Mazurkiewicz traces, but we keep the same set of rule names $\Sigma$. Let us consider the set of places $P^\circ = P \times \{0, 1\}$ and the initial marking $\mu^\circ_{\mathrm{in}} = P \times \{0\}$. This means that we use two copies of each place from $P$. Moreover we will make sure that any reachable marking contains exactly one of these two copies. Intuitively places tagged by $0$ are available and may be consumed by the system whereas places tagged by $1$ are locked and need to be released. We let $\pi : P^\circ \to P$ denote the first projection: $\pi(m, n) = m$ for each $m \in P$ and $n \in \{0, 1\}$. This mapping extends naturally to a mapping from multisets over $P^\circ$ to multisets over $P$: $\pi(\mu) = \sum_{(m,n) \in P^\circ} \mu(m, n) \cdot \pi(m, n)$.

We let $R_1$ collect all rules $(a, \alpha, \beta)$ over $P^\circ$ such that $(a, \pi(\alpha), \pi(\beta)) \in R_\Sigma$, $\alpha(m, n) \ge 1$ implies $n = 0$, and $\beta(m, n) \ge 1$ implies $n = 1$. Thus we require that $\alpha$ and $\beta$ correspond to the same set of untagged tokens, i.e. $\pi(\alpha) = \pi(\beta)$. Moreover we require that the tokens consumed are available whereas the tokens produced are locked. We denote by $\pi : R_1 \to R_\Sigma$ the function which maps each rule $(a, \alpha, \beta) \in R_1$ to $(a, \pi(\alpha), \pi(\beta)) \in R_\Sigma$. It is clear that this mapping is a bijection. For instance Figure 13 depicts a synchronisation rule from $R_\Sigma$ together with the corresponding rule from $R_1$.

We consider also a set of additional release rules that consume a locked place and produce the corresponding available one, as depicted in Figure 14. Formally we let $R_2$ denote the set of rules $(a, \alpha, \beta)$ such that $|\alpha| = |\beta| = 1$, $\alpha(m, 0) = 0$ for all $m \in P$, and $\alpha(m, 1) = 1$ implies $\beta(m, 0) = 1$. We put $R_0 = R_1 \cup R_2$.

We build from $\mathcal{S}$ the Petri net with states $\mathcal{S}^\circ = (Q, \iota, \to_{\mathcal{S}^\circ}, \mu^\circ_{\mathrm{in}})$ with the same set of states $Q$, the same initial state $\iota \in Q$, and $\mu^\circ_{\mathrm{in}} = P \times \{0\}$ as initial marking. The labeled arcs of $\mathcal{S}^\circ$ are defined as follows: for each rule $r \in R_0$ and all states $q_1, q_2 \in Q$, we put $q_1 \xrightarrow{r}_{\mathcal{S}^\circ} q_2$ if one of these two conditions is satisfied:

– $r \in R_1$ and $q_1 \xrightarrow{\pi(r)}_{\mathcal{S}} q_2$;
– $r \in R_2$ and $q_1 = q_2$.


Note here that $\mathcal{S}^\circ$ is a VASS because each rule from $R_0$ is pure. Since each place $p \in P$ occurs in the location $\mathrm{Loc}(a)$ of some action $a \in \Sigma$ and each action $a$ appears on a labeled arc of $\mathcal{A}$ starting from a state reachable from its initial state $\iota$, it is clear that each rule from $R_0$ appears in some firable computation sequence of $\mathcal{S}^\circ$.

The bijection $\pi : R_1 \to R_\Sigma$ can be regarded as a function $\pi : R_0 \to R_\Sigma \cup \{\varepsilon\}$ where $\pi(r)$ is the empty word $\varepsilon$ for each $r \in R_2$. This function extends naturally to a mapping $\pi : R_0^* \to R_\Sigma^*$ which associates each rule sequence $r_1 \dots r_n$ from $R_0^*$ with the rule sequence $\pi(r_1) \dots \pi(r_n)$ from $R_\Sigma^*$. Due to the similar structure of $\mathcal{S}^\circ$ and $\mathcal{S}$, it is clear that each computation sequence $u$ of $\mathcal{S}^\circ$ maps to some computation sequence $\pi(u)$ of $\mathcal{S}$. Furthermore, firable computation sequences correspond to firable computation sequences. Thus we have $\pi : \mathrm{FCS}(\mathcal{S}^\circ) \to \mathrm{FCS}(\mathcal{S})$. The next observation asserts that the mapping $\pi : \mathrm{FCS}(\mathcal{S}^\circ) \to \mathrm{FCS}(\mathcal{S})$ is actually onto.

PROPOSITION 2.11. For all $u \in \mathrm{FCS}(\mathcal{S})$ there exists $u^\circ \in \mathrm{FCS}(\mathcal{S}^\circ)$ such that $\pi(u^\circ) = u$.

Proof. By an immediate induction over the length of $u$, we can check that for each $u \in \mathrm{FCS}(\mathcal{S})$ there exists some $u^\circ \in \mathrm{FCS}(\mathcal{S}^\circ)$ such that $\pi(u^\circ) = u$ and the marking reached by $u^\circ$ is $\mu^\circ_{\mathrm{in}}$: it suffices to follow each rule $\pi^{-1}(r)$ by the release rules of the places it locked. □
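As an added illustration (not code from the paper), the following Python program implements the rules $R_1$, the release rules $R_2$, the projection $\pi$ and the lifting used in the proof of Prop. 2.11, restricted to the single-state case, i.e. the Petri nets $N$ (all rules of $R_\Sigma$ from $P$) and $N^\circ$ (all rules of $R_0$ from $P \times \{0\}$) that appear later in the proof of Theorem 2.14. The release rules are named ("rel", p) by our own convention, the function names are ours, and the sample location mapping is that of Example 2.8.

```python
"""The locked/available encoding of Section 2.3 and the lifting of
Prop. 2.11, in the single-state case (Petri nets N and N° of the proof of
Theorem 2.14).

Added example, not code from the paper.  Rules are pairs (pre, post) of
frozensets of places because every marking met here is a set; markings of
N° are sets of tagged places (p, 0) = available, (p, 1) = locked.  Names
such as rules_1, rules_2, lift and pi are our own; LOC is the sample of
Example 2.8."""

LOC = {"a": {"x"}, "b": {"y"}, "c": {"x", "y"}}   # constructed sample (Example 2.8)
PLACES = {"x", "y"}


def rules_sigma(loc):
    """R_Sigma: one synchronisation rule (a, Loc(a), Loc(a)) per action."""
    return {a: (frozenset(loc[a]), frozenset(loc[a])) for a in loc}


def rules_1(loc):
    """R_1: the same rules over P° = P x {0, 1}, consuming the available copies
    and producing the locked ones; pi(alpha) = pi(beta) = Loc(a)."""
    return {a: (frozenset((p, 0) for p in loc[a]),
                frozenset((p, 1) for p in loc[a])) for a in loc}


def rules_2(places):
    """R_2: one release rule per place, moving the locked copy back to the
    available one.  Rule names ("rel", p) are our convention."""
    return {("rel", p): (frozenset({(p, 1)}), frozenset({(p, 0)})) for p in places}


def is_pure(rule):
    """A rule is pure when it never consumes and produces the same place."""
    pre, post = rule
    return not (pre & post)


def fire(marking, rule):
    """Fire a rule on a set-marking; None when the rule is not enabled."""
    pre, post = rule
    if not pre <= marking:
        return None
    return (marking - pre) | post


def run(marking, rules, names):
    """Fire a rule sequence; returns the marking reached or None."""
    for n in names:
        marking = fire(marking, rules[n])
        if marking is None:
            return None
    return marking


def pi(names):
    """Projection pi : R_0* -> R_Sigma*: erase the release rules."""
    return [n for n in names if not (isinstance(n, tuple) and n[0] == "rel")]


def lift(word, loc):
    """Witness of Prop. 2.11: replace each rule r of u by pi^{-1}(r) followed
    by the releases of every place it locked; pi(lift(u)) == u and the
    lifted sequence ends in the all-available marking mu°_in."""
    out = []
    for a in word:
        out.append(a)
        out.extend(("rel", p) for p in sorted(loc[a]))
    return out


def check_lift(word, loc=LOC, places=PLACES):
    """(u firable in N, lift(u) firable in N° and back at mu°_in, pi(lift(u)) == u)."""
    r_sigma = rules_sigma(loc)
    r_0 = {**rules_1(loc), **rules_2(places)}
    mu_in, mu0_in = frozenset(places), frozenset((p, 0) for p in places)
    lifted = lift(word, loc)
    return (run(mu_in, r_sigma, list(word)) is not None,
            run(mu0_in, r_0, lifted) == mu0_in,
            pi(lifted) == list(word))


if __name__ == "__main__":
    print(check_lift("abcab"))                     # (True, True, True)
    r_0 = {**rules_1(LOC), **rules_2(PLACES)}
    mu0_in = frozenset((p, 0) for p in PLACES)
    print(run(mu0_in, r_0, ["a", "c"]))            # None: x is still locked
    print(run(mu0_in, r_0, ["a", ("rel", "x"), "c"]))
```

The sequence `["a", "c"]` is not firable in $N^\circ$ although $ac$ is firable in $N$: after $a$ the copy $(x, 1)$ is locked and must be released before $c$ can consume $(x, 0)$. This is exactly why $\pi$ is onto only up to the insertion of release rules, and why Prop. 2.13 has to treat the case of a marking with locked places separately.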
Recall that each rule of $\mathcal{S}$ is a synchronisation rule and that the initial marking of $\mathcal{S}$ consists of a single token in each place. As a consequence, for each rule sequence $u \in R_\Sigma^*$ the class of processes $[u]_{\mu_{\mathrm{in}}}$ consists of isomorphic labeled causal nets. For any two rule sequences $u, v \in R_\Sigma^*$, we put $u \approx v$ if $[u]_{\mu_{\mathrm{in}}} = [v]_{\mu_{\mathrm{in}}}$. Similarly, for each rule sequence $u \in R_0^*$, the set of processes $[u]_{\mu^\circ_{\mathrm{in}}}$ consists of isomorphic labeled causal nets because the marking reached by a firable rule sequence is a set (not a multiset). Moreover we have $[u]_{\mu^\circ_{\mathrm{in}}} \neq \emptyset$ if and only if the rule sequence $u$ is firable. For any two rule sequences $u, v \in R_0^*$, we put $u \approx^\circ v$ if $u = v$ or $[u]_{\mu^\circ_{\mathrm{in}}} = [v]_{\mu^\circ_{\mathrm{in}}} \neq \emptyset$. The next observation ensures that this process equivalence is preserved by the mapping $\pi : \mathrm{FCS}(\mathcal{S}^\circ) \to \mathrm{FCS}(\mathcal{S})$.

PROPOSITION 2.12. For all $u_1, u_2 \in \mathrm{FCS}(\mathcal{S}^\circ)$, $u_1 \approx^\circ u_2$ implies $\pi(u_1) \approx \pi(u_2)$.


Proof. Let $u_1, u_2 \in \mathrm{FCS}(\mathcal{S}^\circ)$ be such that $u_1 \approx^\circ u_2$ and $u_1 \neq u_2$. Let $K$ be the labeled causal net from $[u_1]_{\mu^\circ_{\mathrm{in}}}$. Then $u_1$ and $u_2$ are two linear extensions of the partial order of rules occurring in $K$. Since two linear extensions of a partial order are related by a sequence of transpositions of adjacent incomparable elements, we may assume that $u_1 = v.ab.w$ and $u_2 = v.ba.w$ with $v, w \in R_0^*$ and $a, b \in R_0$. We distinguish two cases.

1. $a \in R_2$ or $b \in R_2$. Then $\pi(u_1) = \pi(u_2)$, hence $\pi(u_1) \approx \pi(u_2)$.

2. $a \in R_1$ and $b \in R_1$. Since $u_1$ and $u_2$ are two linear extensions of $K$, the guards of $a$ and $b$ are disjoint. It follows that $\pi(v).\pi(a).\pi(b).\pi(w) \approx \pi(v).\pi(b).\pi(a).\pi(w)$, hence $\pi(u_1) \approx \pi(u_2)$. □


We will also need the next technical result. 


PROPOSITION 2.13. For all firable computation sequences $v \in \mathrm{FCS}(\mathcal{S})$ and all rule sequences $u \in R_0^*$ firable from $\mu^\circ_{\mathrm{in}}$, if $\pi(u) \approx v$ then $u \approx^\circ w$ for some firable computation sequence $w \in \mathrm{FCS}(\mathcal{S}^\circ)$.

Proof. We distinguish two cases.

1. The marking reached by $u$ consists of available places only. We consider the rule sequence $w \in R_0^*$ built inductively over the length of $v$ by replacing each rule $r$ from $v$ by the corresponding rule $\pi^{-1}(r) \in R_1$ followed by a series of release rules from $R_2$ such that all locked places produced by $\pi^{-1}(r)$ are released. Then $w \in \mathrm{FCS}(\mathcal{S}^\circ)$ and $\pi(w) = v$. Hence $\pi(u) \approx \pi(w)$. It follows that $u \approx^\circ w$.

2. Some places in the marking reached by $u$ are locked. We append a sequence of release rules $z$ to $u$ to get $w = u.z$ such that the marking reached by $w$ consists of available places only. Then $\pi(w) \approx v$. We apply the first case to get some firable computation sequence $w' \in \mathrm{FCS}(\mathcal{S}^\circ)$ such that $w \approx^\circ w'$. We can remove from $w'$ the release rules of $z$ and get some firable computation sequence $w'' \in \mathrm{FCS}(\mathcal{S}^\circ)$ such that $u \approx^\circ w''$. □
Observe here that the number of tokens is constant whenever a rule is applied. Consequently the set of markings reached by prefixes of $[\mathcal{S}^\circ]$ is finite, i.e. $\mathcal{S}^\circ$ is prefix-bounded. We can prove that $\mathcal{S}^\circ$ is realizable if and only if $\mathcal{S}$ is realizable. Thus,


THEOREM 2.14. It is undecidable whether a given prefix-bounded VASS is realizable.


Proof. Let $N$ be the Petri net consisting of all rules of $R_\Sigma$ with the initial marking $\mu_{\mathrm{in}} = P$. By Prop. 2.3, $\mathcal{S}$ is realizable if and only if $[\mathcal{S}] = [N]$. Moreover $N$ is equivalent to a PNS with only synchronisation rules (and with only one state). We let $N^\circ$ be the VASS corresponding to $N$ w.r.t. the above construction of $\mathcal{S}^\circ$ from $\mathcal{S}$. We may apply the three above propositions to $N$ and $N^\circ$ respectively. Since $N^\circ$ has a single state, it is equivalent to a pure Petri net. Further $N^\circ$ consists of all rules of $R_0$ and its initial marking is $\mu^\circ_{\mathrm{in}}$. Since each rule from $R_0$ appears in some firable computation sequence of $\mathcal{S}^\circ$, Prop. 2.3 asserts that $\mathcal{S}^\circ$ is realizable if and only if $[\mathcal{S}^\circ] = [N^\circ]$. We check that $\mathcal{S}^\circ$ is realizable if and only if $\mathcal{S}$ is realizable.

Assume first that $\mathcal{S}^\circ$ is realizable: we have $[\mathcal{S}^\circ] = [N^\circ]$. Let $K \in [N]$. Let $u$ be a linear extension of the partial order of rules occurring in $K$. Then $u \in \mathrm{FCS}(N)$. There exists some firable computation sequence $u^\circ \in \mathrm{FCS}(N^\circ)$ such that $\pi(u^\circ) = u$ (Prop. 2.11 applied to $N$ and $N^\circ$). Then $u^\circ \approx^\circ v^\circ$ for some $v^\circ \in \mathrm{FCS}(\mathcal{S}^\circ)$ because $[\mathcal{S}^\circ] = [N^\circ]$. Furthermore $u = \pi(u^\circ) \approx \pi(v^\circ) \in \mathrm{FCS}(\mathcal{S})$ by Prop. 2.12. Hence $K \in [\mathcal{S}]$. It follows that $[\mathcal{S}] = [N]$, i.e. $\mathcal{S}$ is realizable.

Assume now that $\mathcal{S}$ is realizable: we have $[\mathcal{S}] = [N]$. By construction, $[\mathcal{S}^\circ] \subseteq [N^\circ]$. We check that $[N^\circ] \subseteq [\mathcal{S}^\circ]$, hence $[N^\circ] = [\mathcal{S}^\circ]$ and $\mathcal{S}^\circ$ is realizable. Let $K^\circ$ be a process of $N^\circ$ and $u^\circ$ be a linear extension of the rules occurring in $K^\circ$. Then $u^\circ \in \mathrm{FCS}(N^\circ)$. Let $u = \pi(u^\circ)$. Then $u \in \mathrm{FCS}(N)$. Since $[\mathcal{S}] = [N]$ we have $u \approx v$ for some $v \in \mathrm{FCS}(\mathcal{S})$. By Prop. 2.13, there exists some $v^\circ \in \mathrm{FCS}(\mathcal{S}^\circ)$ such that $u^\circ \approx^\circ v^\circ$. Then $K^\circ \in [v^\circ]_{\mu^\circ_{\mathrm{in}}}$, hence $K^\circ \in [\mathcal{S}^\circ]$. □

Finally we can now consider the problem of prefix-realizability. We call terminating rule each rule $\bot : M \to \emptyset$ for which $M \subseteq P^\circ$ is a subset of places such that $\pi(M) = P$. We denote by $R_3$ the set of all terminating rules and we put $R_\bot = R_0 \cup R_3$. We build from $\mathcal{S}^\circ$ the Petri net with states $\mathcal{S}^\circ_\bot = (Q, \iota, \to_{\mathcal{S}^\circ_\bot}, \mu^\circ_{\mathrm{in}})$ with the same set of states $Q$, the same initial state $\iota \in Q$, the same set of places $P^\circ$ and the same initial marking $\mu^\circ_{\mathrm{in}}$. Each labeled arc from $\mathcal{S}^\circ$ appears in $\mathcal{S}^\circ_\bot$. For each terminating rule $r \in R_3$ and each state $q \in Q$ we add a self-loop $q \xrightarrow{r}_{\mathcal{S}^\circ_\bot} q$. Then we can check that $\mathcal{S}^\circ_\bot$ is prefix-realizable if and only if $\mathcal{S}^\circ$ is realizable. This leads us to the main result of this section.


THEOREM 2.15. It is undecidable whether a given prefix-bounded VASS is prefix-realizable.


Proof. So far, we have proved that the PNS $\mathcal{S}$ is realizable if and only if the VASS $\mathcal{S}^\circ$ is realizable. We now prove that $\mathcal{S}^\circ_\bot$ is prefix-realizable if and only if $\mathcal{S}^\circ$ is realizable. Assume first that $\mathcal{S}^\circ_\bot$ is prefix-realizable. Then $\mathrm{Pref}([\mathcal{S}^\circ_\bot]) = [N^\circ_\bot]$ for some Petri net $N^\circ_\bot$. Let $N^\circ$ be the Petri net obtained from $N^\circ_\bot$ by erasing all transitions corresponding to some terminating rule. It is clear that $[\mathcal{S}^\circ] \subseteq [N^\circ]$. To prove that $\mathcal{S}^\circ$ is realizable, we simply check that $[N^\circ] \subseteq [\mathcal{S}^\circ]$. Let $K \in [N^\circ]$. We build the labeled causal net $K_\bot$ from $K$ by adding an occurrence of some terminating rule $\bot : M \to \emptyset$. This requires that $M$ coincides with the marking reached by $K$. Then $K_\bot$ is a process of $N^\circ_\bot$. Hence $K_\bot \in \mathrm{Pref}([\mathcal{S}^\circ_\bot])$. Thus $K_\bot$ is a prefix of some process $K' \in [u']_{\mu^\circ_{\mathrm{in}}}$ where $u' \in \mathrm{CS}(\mathcal{S}^\circ_\bot)$. Since the terminating rule $\bot : M \to \emptyset$ consumes all places from the marking reached by $K$, it must be the last rule of $u'$ and the single terminating rule of $u'$, i.e. $u' = u.(\bot : M \to \emptyset)$ for some $u \in \mathrm{CS}(\mathcal{S}^\circ)$. Hence $K_\bot = K'$. Therefore $K \in [u]_{\mu^\circ_{\mathrm{in}}}$ and $K \in [\mathcal{S}^\circ]$.

Assume now that $\mathcal{S}^\circ$ is realizable. Then $[\mathcal{S}^\circ] = [N^\circ]$ for some Petri net $N^\circ$. Adding to the Petri net $N^\circ$ a transition for each terminating rule yields a new Petri net denoted by $N^\circ_\bot$. We check that $[\mathcal{S}^\circ_\bot] = [N^\circ_\bot]$; since $[N^\circ_\bot]$ is prefix-closed, $\mathcal{S}^\circ_\bot$ is then prefix-realizable. It is clear that $[\mathcal{S}^\circ_\bot] \subseteq [N^\circ_\bot]$. Let $K \in [N^\circ_\bot]$ and $u$ be a linear extension of the partial order of rules in $K$. Each terminating rule $\bot : M \to \emptyset$ may only occur in $u$ as the last rule of $u$. Let $v$ be the word obtained by removing the possible occurrence of some terminating rule $\bot : M \to \emptyset$ from $u$. Then $v$ is a firable rule sequence of $N^\circ$ because $u$ is a firable rule sequence of $N^\circ_\bot$. Since $[\mathcal{S}^\circ] = [N^\circ]$, we have $[v]_{\mu^\circ_{\mathrm{in}}} = [v']_{\mu^\circ_{\mathrm{in}}}$ for some $v' \in \mathrm{FCS}(\mathcal{S}^\circ)$. Then $[u]_{\mu^\circ_{\mathrm{in}}} = [u']_{\mu^\circ_{\mathrm{in}}}$ for some $u' \in \mathrm{FCS}(\mathcal{S}^\circ_\bot)$ obtained from $v'$ by possibly adding an occurrence of the same terminating rule. Therefore $K \in [\mathcal{S}^\circ_\bot]$. □


As an immediate consequence, we can now establish the following fact. 


COROLLARY 2.16. Given two prefix-bounded vector addition systems with states $\mathcal{S}_1$ and $\mathcal{S}_2$, it is undecidable whether $[\mathcal{S}_1] = [\mathcal{S}_2]$ (resp. $\mathrm{Pref}([\mathcal{S}_1]) = [\mathcal{S}_2]$, $\mathrm{Pref}([\mathcal{S}_1]) = \mathrm{Pref}([\mathcal{S}_2])$).


Proof. By Proposition 2.3, a VASS $\mathcal{S}$ is realizable if and only if $[\mathcal{S}] = [\mathcal{S}']$ where $\mathcal{S}'$ is the VASS with a single state which admits a self-loop carrying $r$ if and only if $r$ occurs in some firable computation sequence of $\mathcal{S}$. By Proposition 1.4, we can effectively build $\mathcal{S}'$ from $\mathcal{S}$. By Theorem 2.14, $[\mathcal{S}] = [\mathcal{S}']$ is undecidable. Therefore $[\mathcal{S}_1] = [\mathcal{S}_2]$ is undecidable for two vector addition systems with states $\mathcal{S}_1$ and $\mathcal{S}_2$.

Observe now that $[\mathcal{S}'] = \mathrm{Pref}([\mathcal{S}'])$. It follows that $[\mathcal{S}_1] = \mathrm{Pref}([\mathcal{S}_2])$ is undecidable for two given vector addition systems with states $\mathcal{S}_1$ and $\mathcal{S}_2$.

Finally, $\mathcal{S}$ is prefix-realizable if and only if $\mathrm{Pref}([\mathcal{S}]) = \mathrm{Pref}([\mathcal{S}'])$. It follows from Theorem 2.15 that $\mathrm{Pref}([\mathcal{S}_1]) = \mathrm{Pref}([\mathcal{S}_2])$ is undecidable for two vector addition systems with states. □

The gap between vector addition systems with states and Petri nets is illustrated by 
the next result which shows that these decision problems are decidable if one considers 
(possibly unbounded) Petri nets only. 


PROPOSITION 2.17. Let $N_1$ and $N_2$ be two Petri nets. The property $[N_1] \subseteq [N_2]$ is decidable.


Proof. Observe first that this property requires that $N_1$ and $N_2$ share the same initial marking. Let $R_i$ be the set of rules occurring in some firable computation sequence of $N_i$. The set $R_i$ can be effectively computed (Prop. 1.4). Then $[N_1] \subseteq [N_2]$ if and only if $R_1 \subseteq R_2$. □
3 Checking reachability properties of process prefixes


Basic decision problems about the set of reachable markings of a Petri net are known to be 
decidable, namely boundedness, covering and reachability. Due to the simple simulation of 
a VASS by a Petri net recalled in Subsection 1.3 these results apply to the analysis of the 
reachable markings of a VASS or a PNS. 

On the other hand, adopting a partial order semantics leads us to new difficulties and the model of VASSs is no longer equivalent to Petri nets. For instance the process language equality $[\mathcal{S}_1] = [\mathcal{S}_2]$ is

– decidable for two Petri nets $\mathcal{S}_1$ and $\mathcal{S}_2$, because one simply needs to compare their initial markings and the two subsets of rules occurring in their firable rule sequences (Prop. 2.17);

– undecidable for two prefix-bounded VASSs $\mathcal{S}_1$ and $\mathcal{S}_2$, because rational sets of Mazurkiewicz traces can be described by prefix-bounded VASSs (Cor. 2.16).

Thus VASSs and Petri nets are no longer equivalent models under the process semantics.

In this section we investigate three basic verification problems about the set of markings 
reached by prefixes of processes: boundedness, covering and reachability. We show how to 
reduce these problems to the particular case of Petri nets in such a way that all complexity 
and decidability results extend from Petri nets to PNSs under the process semantics. 


DEFINITION 3.1. A marking $\mu$ is prefix-reachable in a PNS $\mathcal{S}$ if there exists a prefix of a process of $\mathcal{S}$ which leads to the marking $\mu$.


Thus any reachable marking is prefix-reachable. In the particular case of Petri nets, conversely, any prefix-reachable marking is reachable, because the class of processes is prefix-closed. However the set of prefix-reachable markings can differ from the set of reachable markings in general. For instance, each process of the PNS from Fig. 1 leads to a marking with at most 3 tokens whereas prefixes of these processes lead to infinitely many distinct markings (see in Fig. 2 a prefix of a process which leads to a marking with 4 tokens).

The first basic problem we consider is the prefix-boundedness problem, which asks whether the set of prefix-reachable markings of a given PNS $\mathcal{S}$ is finite. We give below a linear construction of a PNS $\mathcal{S}^\circ$ from $\mathcal{S}$ such that $\mathcal{S}$ is prefix-bounded if and only if $\mathcal{S}^\circ$ is bounded. Since the boundedness of $\mathcal{S}^\circ$ boils down to the boundedness of a Petri net, we get that the prefix-boundedness problem for PNSs is computationally equivalent to the boundedness problem for Petri nets. Further we show that this technique applies to other similar basic problems about prefix-reachable markings, namely covering and reachability.


3.1 From Petri nets with states to Petri nets 


Let $\mathcal{S} = (Q, \iota, \to, \mu_{\mathrm{in}})$ be a fixed PNS. We build a PNS $\mathcal{S}^\circ$ that allows us to analyse the set of prefix-reachable markings of $\mathcal{S}$. The construction of $\mathcal{S}^\circ$ from $\mathcal{S}$ is illustrated by Fig. 15. The PNS $\mathcal{S}^\circ$ makes use of three disjoint sets of places $P_{\mathrm{pre}}$, $P_{\mathrm{suf}}$, $P_{\mathrm{cut}}$, which are copies of the set of places $P$ of $\mathcal{S}$. We let $\pi_{\mathrm{pre}} : P \to P_{\mathrm{pre}}$, $\pi_{\mathrm{cut}} : P \to P_{\mathrm{cut}}$ and $\pi_{\mathrm{suf}} : P \to P_{\mathrm{suf}}$ be the bijections that map each place from $P$ to the corresponding place in $P_{\mathrm{pre}}$, $P_{\mathrm{cut}}$ and $P_{\mathrm{suf}}$ respectively. These mappings extend naturally to mappings from multisets to multisets. The initial marking $\mu^\circ_{\mathrm{in}}$ of $\mathcal{S}^\circ$ is the multiset $\mu^\circ_{\mathrm{in}} = \pi_{\mathrm{pre}}(\mu_{\mathrm{in}})$.

Fig. 15. Verification of prefix-reachable markings

The PNS $\mathcal{S}^\circ$ shares with $\mathcal{S}$ its set of states $Q$ and its initial state $\iota$. It consists of three disjoint sets of labeled arcs: $\to_{\mathrm{pre}}$, $\to_{\mathrm{suf}}$, $\to_{\mathrm{cut}}$. The restriction of $\mathcal{S}^\circ$ to the labeled arcs from $\to_{\mathrm{pre}}$ and to the places from $P_{\mathrm{pre}}$ yields a PNS $\mathcal{S}^\circ_{\mathrm{pre}}$ isomorphic to $\mathcal{S}$. Thus for each labeled arc $q_1 \xrightarrow{r} q_2$ in $\mathcal{S}$ with $r = (a, {}^\bullet r, r^\bullet)$ there exists some labeled arc $q_1 \xrightarrow{s}_{\mathrm{pre}} q_2$ with $s = (a, \pi_{\mathrm{pre}}({}^\bullet r), \pi_{\mathrm{pre}}(r^\bullet))$. Similarly the restriction of $\mathcal{S}^\circ$ to the labeled arcs from $\to_{\mathrm{suf}}$ and to the places from $P_{\mathrm{suf}}$ yields a PNS $\mathcal{S}^\circ_{\mathrm{suf}}$ isomorphic to $\mathcal{S}$, except that its initial marking is empty: for each labeled arc $q_1 \xrightarrow{r} q_2$ in $\mathcal{S}$ with $r = (a, {}^\bullet r, r^\bullet)$ there exists some labeled arc $q_1 \xrightarrow{s}_{\mathrm{suf}} q_2$ with $s = (a, \pi_{\mathrm{suf}}({}^\bullet r), \pi_{\mathrm{suf}}(r^\bullet))$. Note that the two PNSs $\mathcal{S}^\circ_{\mathrm{pre}}$ and $\mathcal{S}^\circ_{\mathrm{suf}}$ are synchronized because they share a common set of states. The set of labeled arcs $\to_{\mathrm{cut}}$ consists of a self-loop $q \xrightarrow{s}_{\mathrm{cut}} q$ for each state $q$ and each place $p \in P$; this labeled arc moves a token from the place $\pi_{\mathrm{pre}}(p)$ to the place $\pi_{\mathrm{suf}}(p)$ and keeps track of that transfer in the place $\pi_{\mathrm{cut}}(p)$, i.e. ${}^\bullet s = \pi_{\mathrm{pre}}(p)$ and $s^\bullet = \pi_{\mathrm{suf}}(p) + \pi_{\mathrm{cut}}(p)$. Note that tokens in $P_{\mathrm{cut}}$ cannot be consumed.

Intuitively, for any process $K$ of $\mathcal{S}$ and for any prefix $K'$ of $K$, the PNS $\mathcal{S}^\circ$ can simulate a computation sequence of $\mathcal{S}$ which corresponds to $K$ in such a way that each event from the prefix $K'$ corresponds to the occurrence of a labeled arc from $\to_{\mathrm{pre}}$ and each event from the suffix $K \setminus K'$ corresponds to the occurrence of a labeled arc from $\to_{\mathrm{suf}}$. Moreover the set of places $P_{\mathrm{cut}}$ keeps track of the tokens transferred from the prefix $K'$ to the suffix $K \setminus K'$, i.e. from $\mathcal{S}^\circ_{\mathrm{pre}}$ to $\mathcal{S}^\circ_{\mathrm{suf}}$, by labeled arcs from $\to_{\mathrm{cut}}$. Thus any prefix-reachable marking of $\mathcal{S}$ is represented by the restriction to $P_{\mathrm{pre}} \cup P_{\mathrm{cut}}$ of some reachable marking of $\mathcal{S}^\circ$. The key property of this representation, stated in Prop. 3.2 below, asserts that, conversely, each firable computation sequence of $\mathcal{S}^\circ$ corresponds to a process $K$ of $\mathcal{S}$ and a prefix $K'$ of $K$ such that the marking of $P_{\mathrm{pre}} \cup P_{\mathrm{cut}}$ describes the marking reached by $K'$.
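The following Python program, added as an illustration and not part of the paper, builds $\mathcal{S}^\circ$ mechanically from a small constructed PNS $\mathcal{S}$ (not the one of Fig. 1) and exhibits a marking that is prefix-reachable but not reachable: the witness computation of $\mathcal{S}^\circ$ plays the three $a$-events of the process of $(ab)^3$ on $\to_{\mathrm{pre}}$, cuts their $y$-tokens and plays the $b$-events on $\to_{\mathrm{suf}}$, so that $P_{\mathrm{pre}} \cup P_{\mathrm{cut}}$ describes $x + 3y$, whereas a breadth-first search over $\mathcal{S}$ itself finds only the markings $x$ and $x + y$. The names build_circ, untag, reachable_markings and prefix_marking are ours.

```python
"""The PNS S° of Section 3.1 built from a PNS S, and a marking that is
prefix-reachable but not reachable (the phenomenon described after
Definition 3.1).

Added example, not code from the paper.  The PNS S below is constructed for
illustration (it is not the one of Fig. 1): its only computation sequences
are (ab)^n and (ab)^n a, every reachable marking has at most two tokens, but
the prefix of the process of (ab)^3 keeping the three a-events and none of
the b-events leads to x + 3y.  build_circ, untag, reachable_markings and
prefix_marking are our names."""
from collections import Counter, deque

# Constructed PNS S: places x, y; rule a: x -> x + y on q0 -> q1;
# rule b: y -> (nothing) on q1 -> q0.
S = {
    "states": {"q0", "q1"},
    "init": "q0",
    "places": ["x", "y"],
    "mu_in": Counter({"x": 1}),
    "rules": {"a": (Counter({"x": 1}), Counter({"x": 1, "y": 1})),
              "b": (Counter({"y": 1}), Counter())},
    "arcs": {("q0", "a", "q1"), ("q1", "b", "q0")},
}


def tag(m, kind):
    """pi_pre / pi_suf / pi_cut on multisets: rename place p to (p, kind)."""
    return Counter({(p, kind): n for p, n in m.items()})


def build_circ(s):
    """S°: every arc of S is copied once on P_pre (->pre) and once on P_suf
    (->suf); for every state and place a cut self-loop moves one token from
    p_pre to p_suf and records it in p_cut.  Initial marking pi_pre(mu_in)."""
    rules, arcs = {}, set()
    for (q1, r, q2) in s["arcs"]:
        pre, post = s["rules"][r]
        for kind in ("pre", "suf"):
            rules[(r, kind)] = (tag(pre, kind), tag(post, kind))
            arcs.add((q1, (r, kind), q2))
    for p in s["places"]:
        rules[("cut", p)] = (Counter({(p, "pre"): 1}),
                             Counter({(p, "suf"): 1, (p, "cut"): 1}))
        for q in s["states"]:
            arcs.add((q, ("cut", p), q))
    places = [(p, k) for p in s["places"] for k in ("pre", "suf", "cut")]
    return {"states": s["states"], "init": s["init"], "places": places,
            "mu_in": tag(s["mu_in"], "pre"), "rules": rules, "arcs": arcs}


def step(pns, m, rule):
    """Fire one rule on marking m; None when it is not enabled."""
    pre, post = pns["rules"][rule]
    if all(m[p] >= n for p, n in pre.items()):
        return m - pre + post
    return None


def run(pns, seq):
    """Fire a computation sequence from the initial configuration (assumes at
    most one arc per (state, rule)); returns the marking reached, or None if
    seq is not a firable computation sequence."""
    q, m = pns["init"], pns["mu_in"]
    for r in seq:
        targets = [q2 for (q1, r1, q2) in pns["arcs"] if q1 == q and r1 == r]
        m = step(pns, m, r) if targets else None
        if m is None:
            return None
        q = targets[0]
    return m


def reachable_markings(pns, cap=10):
    """Breadth-first exploration of the configurations of a PNS; cap bounds
    the token count so that the search terminates on unbounded nets too.
    Returns the reachable markings as frozensets of (place, count) pairs."""
    start = (pns["init"], frozenset(pns["mu_in"].items()))
    seen, todo = {start}, deque([start])
    while todo:
        q, fm = todo.popleft()
        m = Counter(dict(fm))
        for (q1, r, q2) in pns["arcs"]:
            if q1 != q:
                continue
            m2 = step(pns, m, r)
            if m2 is None or sum(m2.values()) > cap:
                continue
            cfg = (q2, frozenset(m2.items()))
            if cfg not in seen:
                seen.add(cfg)
                todo.append(cfg)
    return {fm for _, fm in seen}


def untag(m_circ):
    """pi_pre^{-1}(m|P_pre) + pi_cut^{-1}(m|P_cut): the marking of S that a
    reachable marking of S° represents (Prop. 3.2)."""
    out = Counter()
    for (p, kind), n in m_circ.items():
        if kind in ("pre", "cut"):
            out[p] += n
    return +out


# Witness for the prefix {a, a, a} of the process of (ab)^3: each a-event is
# played on ->pre, its y-token is cut, and each b-event is played on ->suf.
WITNESS = [("a", "pre"), ("cut", "y"), ("b", "suf")] * 3


def prefix_marking(seq=WITNESS, s=S):
    """Marking of S represented by the configuration of S° reached by seq."""
    m = run(build_circ(s), seq)
    return None if m is None else dict(untag(m))


if __name__ == "__main__":
    print(prefix_marking())                              # {'x': 1, 'y': 3}
    print([dict(m) for m in reachable_markings(S)])      # only x and x + y
```

Replacing the factor 3 in WITNESS by any $n$ yields $x + ny$, so this $\mathcal{S}$ is bounded but not prefix-bounded, which is the reason the prefix-boundedness problem is reduced to the boundedness of $\mathcal{S}^\circ$ rather than of $\mathcal{S}$. Note also that the sequence $a_{\mathrm{pre}}\, b_{\mathrm{suf}}$ without a cut is rejected: the $y$-token produced on $P_{\mathrm{pre}}$ is only visible to $\to_{\mathrm{suf}}$ after it has been moved by a cut arc, which is what makes $P_{\mathrm{cut}}$ an exact record of the tokens crossing the prefix boundary.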


In order to prove our results in detail, we shall also adopt the following notations:

– We denote by $\tau_{\mathrm{pre}}$ and $\tau_{\mathrm{suf}}$ the bijections that map each labeled arc $q \xrightarrow{r} q'$ from $\mathcal{S}$ to the corresponding labeled arc in $\to_{\mathrm{pre}}$ and $\to_{\mathrm{suf}}$ respectively.
– For each state $q \in Q$, we denote by $\tau^q_{\mathrm{cut}}$ the bijection between $P$ and the self-loops on $q$ from $\to_{\mathrm{cut}}$.
In the next statement and in the sequel of this section, for each marking $\mu$ and each subset of places $X$, we denote by $\mu|X$ the restriction of $\mu$ to the places from $X$. The main results of this section rely essentially on the next observation.

PROPOSITION 3.2. A multiset of places $\mu \in \mathbb{N}^P$ is prefix-reachable in $\mathcal{S}$ if and only if there exists some reachable marking $\mu^\circ$ of $\mathcal{S}^\circ$ such that $\mu = \pi_{\mathrm{pre}}^{-1}(\mu^\circ|P_{\mathrm{pre}}) + \pi_{\mathrm{cut}}^{-1}(\mu^\circ|P_{\mathrm{cut}})$.


3.2 Proof of Proposition 3.2 


For each rule sequence $u = r_1 \dots r_n \in R^*$, the cost of $u$ is the vector $\mathrm{cost}(u) \in \mathbb{Z}^P$ such that $\mathrm{cost}(u)(p) = \sum_{i=1}^{n} {}^\bullet r_i(p) - r_i^\bullet(p)$ for each $p \in P$. In particular the cost of the empty rule sequence is the null vector. If a rule sequence $u$ is firable from a marking $\mu$ then the marking reached by $u$ from $\mu$ is $\mu - \mathrm{cost}(u)$. Let $K$ be a process of a rule sequence $u$ firable from $\mu$. Then $\mu - \mathrm{cost}(u)$ is the marking reached by $K$ from $\mu$. Moreover the marking $\mu - \mathrm{cost}(u)$ corresponds to the set of conditions in $K$ that are not input places of any event in $K$ (which means intuitively that they are still available), i.e. to the maximal conditions of $K$: $\mu - \mathrm{cost}(u)$ is the multiset of places labelling the maximal conditions of $K$.

For each rule $r$ such that ${}^\bullet r \le \mu - \mathrm{cost}(u)$, we let $K \cdot r$ denote the class of labeled causal nets obtained by adding to $K$ an event that describes an occurrence of rule $r$ which consumes ${}^\bullet r$ available conditions from $K$.


PROPOSITION 3.3. Let $\mu \in \mathbb{N}^P$. The class of processes of a rule sequence $u \in R^*$ satisfies the three following properties:

– If $u$ is empty, i.e. $u = \varepsilon$, then each process from $[\varepsilon]_\mu$ consists of $\sum_{p \in P} \mu(p)$ conditions and no event.
– For all rules $r \in R$, $[u.r]_\mu$ is empty if $[u]_\mu$ is empty or ${}^\bullet r \not\le \mu - \mathrm{cost}(u)$.
– For all rules $r \in R$, if $[u]_\mu$ is not empty and ${}^\bullet r \le \mu - \mathrm{cost}(u)$ then $[u.r]_\mu$ collects all processes from $K \cdot r$ for all processes $K \in [u]_\mu$.

Proof. By Definition 1.5, a process of the empty rule sequence from a marking $\mu$ consists of a set of labeled places which represents $\mu$. Consider a rule sequence $u$ and a rule $r$. Assume that $[u.r]_\mu$ is not empty. Let $K$ be a labeled causal net from $[u.r]_\mu$. We have already noticed that some prefix $K'$ of $K$ is a process of $u$ from $\mu$. Therefore $[u]_\mu$ is not empty. Moreover $K$ belongs to $K' \cdot r$. Since $u.r$ is a firable rule sequence, ${}^\bullet r$ is smaller than the marking reached by $u$ from $\mu$, i.e. ${}^\bullet r \le \mu - \mathrm{cost}(u)$. Thus, if $[u]_\mu$ is empty or ${}^\bullet r \not\le \mu - \mathrm{cost}(u)$ then $[u.r]_\mu$ is empty. On the other hand, if $[u]_\mu$ is not empty and ${}^\bullet r \le \mu - \mathrm{cost}(u)$ then any labeled causal net from $K' \cdot r$ where $K' \in [u]_\mu$ is clearly a process of $u.r$ from $\mu$. Further any process from $[u.r]_\mu$ can be obtained in this way. □
Given two multisets of places $\mu_1, \mu_2 \in \mathbb{N}^P$, the maximum $\max(\mu_1, \mu_2)$ collects the maximal number of tokens in each place: $\max(\mu_1, \mu_2)(p) = \max(\mu_1(p), \mu_2(p))$ for each $p \in P$. We will make use of the following requirement function $\mathrm{req} : R^* \to \mathbb{N}^P$.

DEFINITION 3.4. The requirement of a rule sequence $u \in R^*$ is the multiset of places defined inductively as follows:

– $\mathrm{req}(\varepsilon) = 0$,
– $\mathrm{req}(u.a) = \max(\mathrm{req}(u), {}^\bullet a + \mathrm{cost}(u))$ for all $u \in R^*$ and all $a \in R$.

Here the maximum is taken componentwise; the vector ${}^\bullet a + \mathrm{cost}(u) \in \mathbb{Z}^P$ may have negative components, and its maximum with $\mathrm{req}(u) \ge 0$ is again a multiset of places.


The next observation shows that the requirement of a rule sequence $u$ is the minimal marking $\mu$ such that $u$ is firable from $\mu$, i.e. $[u]_\mu \neq \emptyset$.


PROPOSITION 3.5. Let $u \in R^*$ and $\mu \in \mathbb{N}^P$. Then $[u]_\mu \neq \emptyset$ if and only if $\mu \ge \mathrm{req}(u)$.


Proof. We proceed by induction over the length of $u$. If $u = \varepsilon$ then $\mathrm{req}(u) = 0$, hence $\mu \ge \mathrm{req}(u)$. Moreover $[\varepsilon]_\mu$ contains each labeled causal net with no event and with a set of conditions representing the marking $\mu$. Induction step: let $u \in R^*$ and $a \in R$. Assume first that $[u.a]_\mu \neq \emptyset$. By Prop. 3.3, we have $\mu \ge {}^\bullet a + \mathrm{cost}(u)$. On the other hand, we have $[u]_\mu \neq \emptyset$, hence $\mu \ge \mathrm{req}(u)$ by the induction hypothesis. Thus $\mu \ge \max(\mathrm{req}(u), {}^\bullet a + \mathrm{cost}(u)) = \mathrm{req}(u.a)$. Assume now that $[u.a]_\mu = \emptyset$. We distinguish two cases.

1. $[u]_\mu = \emptyset$. Then, by the induction hypothesis, $\mu \not\ge \mathrm{req}(u)$, hence $\mu \not\ge \mathrm{req}(u.a)$ since $\mathrm{req}(u) \le \mathrm{req}(u.a)$.
2. $[u]_\mu \neq \emptyset$. Then, by Prop. 3.3, $\mu \not\ge {}^\bullet a + \mathrm{cost}(u)$, hence $\mu \not\ge \max(\mathrm{req}(u), {}^\bullet a + \mathrm{cost}(u)) = \mathrm{req}(u.a)$.

Thus $[u.a]_\mu \neq \emptyset$ if and only if $\mu \ge \mathrm{req}(u.a)$. □
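The following Python program, added here as an illustration and not part of the paper, computes $\mathrm{cost}$ and $\mathrm{req}$ for rule sequences over constructed rules and checks Prop. 3.5 by comparing $\mu \ge \mathrm{req}(u)$ with a direct simulation of the firing on every marking of a finite box. Function names and the sample rules are ours.

```python
"""Cost and requirement of a rule sequence (Section 3.2, Def. 3.4) and an
exhaustive check of Prop. 3.5 on a box of markings.

Added example, not code from the paper.  A rule is a pair (pre, post) of
Counters over place names and markings are Counters; firable() simulates the
firing directly, so req() is checked against something it is not derived
from.  The rules in RULES are constructed for illustration."""
from collections import Counter
from itertools import product


def leq(m1, m2):
    """Componentwise order on multisets (missing places count as 0)."""
    return all(m2[p] >= n for p, n in m1.items())


def cost(rules, seq):
    """cost(u)(p) = sum_i pre(r_i)(p) - post(r_i)(p); entries may be negative,
    so the result is a Counter of integers, not a multiset."""
    c = Counter()
    for r in seq:
        pre, post = rules[r]
        for p in set(pre) | set(post):
            c[p] += pre[p] - post[p]
    return c


def req(rules, seq):
    """req(eps) = 0 and req(u.a) = max(req(u), pre(a) + cost(u)) componentwise;
    negative components of pre(a) + cost(u) never win against req(u) >= 0."""
    r = Counter()
    for i, a in enumerate(seq):
        c = cost(rules, seq[:i])
        for p in set(rules[a][0]) | set(c):
            r[p] = max(r[p], rules[a][0][p] + c[p])
    return +r                      # drop zero entries


def firable(rules, seq, marking):
    """Direct simulation: is seq firable from marking?"""
    m = Counter(marking)
    for r in seq:
        pre, post = rules[r]
        if not leq(pre, m):
            return False
        m = m - pre + post         # pre <= m, so nothing is lost here
    return True


def reached(rules, seq, marking):
    """Marking reached by a firable sequence; it equals marking - cost(seq)."""
    m = Counter(marking)
    for r in seq:
        pre, post = rules[r]
        m = m - pre + post
    return +m


def check_prop_3_5(rules, seq, places, bound=3):
    """Prop. 3.5 on every marking of [0, bound]^P: returns the markings where
    'seq is firable' and 'marking >= req(seq)' disagree (expected: none)."""
    bad = []
    for vals in product(range(bound + 1), repeat=len(places)):
        mu = Counter(dict(zip(places, vals)))
        if firable(rules, seq, mu) != leq(req(rules, seq), mu):
            bad.append(dict(+mu))
    return bad


# Constructed sample over P = {x, y, z}:
#   a: x -> y        b: y + z -> x        c: 2y -> z
RULES = {
    "a": (Counter({"x": 1}), Counter({"y": 1})),
    "b": (Counter({"y": 1, "z": 1}), Counter({"x": 1})),
    "c": (Counter({"y": 2}), Counter({"z": 1})),
}
SEQ = ["a", "a", "c", "b"]

if __name__ == "__main__":
    print(dict(req(RULES, SEQ)))                          # {'x': 2, 'y': 1}
    print(check_prop_3_5(RULES, SEQ, ["x", "y", "z"]))    # []
```

On this sample $\mathrm{req}(aacb) = 2x + y$: the two $a$ need two tokens in $x$, the $c$ is then covered by the two $y$ they produced, and the $b$ needs one $y$ that nobody produces after $c$ consumed both (the $z$ it needs is produced by $c$). A marking such as $2x + 3z$ is therefore not enough, although it dominates ${}^\bullet a$, ${}^\bullet c$ and ${}^\bullet b$ individually.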

For each rule sequence $u = r_1 \dots r_n \in R^*$ firable from $\mu_{\mathrm{in}}$, we let $\mu_u$ denote the marking reached by $u$ from $\mu_{\mathrm{in}}$, i.e. $\mu_u = \mu_{\mathrm{in}} + \sum_{i=1}^{n} (r_i^\bullet - {}^\bullet r_i)$. Similarly for each transition sequence $s \in T^*$ of $\mathcal{S}^\circ$ firable from the initial marking $\mu^\circ_{\mathrm{in}}$, $\mu^\circ_s$ denotes the marking reached by $s$ in $\mathcal{S}^\circ$.

We shall use the following notion of partial computation: a partial computation is a triple $(u, v, w) \in R^* \times R^* \times R^*$ such that $[v.w]_{\mu_{\mathrm{in}}} \cap [u]_{\mu_{\mathrm{in}}} \neq \emptyset$ and $u \in \mathrm{CS}(\mathcal{S})$. Then $[v]_{\mu_{\mathrm{in}}} \neq \emptyset$, hence the rule sequence $v$ is firable from $\mu_{\mathrm{in}}$. A partial computation is used as a witness for a process $K_u$ of $u$ and a prefix $K_v$ of $K_u$ with $K_v \in [v]_{\mu_{\mathrm{in}}}$. Note that $v$ need neither be a prefix of $u$ nor be a computation sequence of $\mathcal{S}$. Partial computations are closely related to prefix-reachable markings, as the next basic observation shows.


PROPOSITION 3.6. For each partial computation $(u, v, w)$, the marking $\mu_v$ is prefix-reachable. 
Conversely, for any prefix-reachable marking $\mu$, there exists some partial computation 
$(u, v, w)$ such that $\mu = \mu_v$. 


Proof. Let $(u, v, w)$ be a partial computation: There exists some labeled causal net $K$ 
such that $K \in [v.w]_{\mu_{in}} \cap [u]_{\mu_{in}}$. By Prop. 3.3, $K$ may be built from a causal net $K_v \in [v]_{\mu_{in}}$ 
by adding the sequence of rules $w$, one after the other. Thus $K_v$ is a prefix of $K$ and $\mu_v$ is 
prefix-reachable. 

Let $K \in [u]_{\mu_{in}}$ with $u \in CS(\mathcal{S})$ and $K'$ be a prefix of $K$. Let $v$ be a linear extension of 
the partial order of rules occurring in $K'$. Then $K' \in [v]_{\mu_{in}}$ and $\mu_v$ is the marking reached 
by $K'$. Let $w$ be a linear extension of the partial order of rules occurring in the suffix 
$K \setminus K'$. Then $v.w$ is a linear extension of the partial order of rules occurring in $K$ hence 
$K \in [v.w]_{\mu_{in}}$. Therefore $(u, v, w)$ is a partial computation. □ 


LEMMA 3.7. Let $(u, v, w)$ be a partial computation and $a \in R$ be a rule such that ${}^\bullet a \leq \mu_u$. 
If $u.a \in CS(\mathcal{S})$ then $(u.a, v, w.a)$ is a partial computation. 

Proof. Let $K$ be a labeled causal net from $[v.w]_{\mu_{in}} \cap [u]_{\mu_{in}}$. Since ${}^\bullet a \leq \mu_u$, the class 
$[u.a]_{\mu_{in}}$ is not empty (Prop. 3.3). Moreover all causal nets from $[u.a]_{\mu_{in}}$ are obtained from 
some causal net from $[u]_{\mu_{in}}$ by adding an occurrence of rule $a$. In particular we can add 
an occurrence of rule $a$ to $K$ and get a causal net from $[u.a]_{\mu_{in}}$. The latter is also a causal 
net from $[v.w.a]_{\mu_{in}}$ since $K \in [v.w]_{\mu_{in}}$. □ 

The proof of Prop. 3.2 relies on the two next technical lemmas which can be established 
by means of somewhat tedious inductions. The first one asserts that for each firable computation 
sequence $u \in FCS(\mathcal{S})$ and each prefix $K_v$ of each process $K_u \in [u]_{\mu_{in}}$ the VASS $\mathcal{S}^\circ$ can 
be guided in order to simulate each rule of $u$ in its sequential order so that the marking 
reached by $u$ is described by the current marking of $P_{pre} \cup P_{out}$ while the marking reached 
by $K_v$ is described by the current marking of $P_{pre} \cup P_{cut}$. Furthermore we have to make 
sure that the state $q \in Q$ reached by $u$ is also reached by $s$ in $\mathcal{S}^\circ$ and to check that all 
events from $K_u$ that do not occur in $K_v$ are performed by transitions from $\to_{out}$. To do 
so, we have to guide $\mathcal{S}^\circ$ to transfer exactly the required number of tokens from $P_{pre}$ to $P_{cut}$, 
namely $\mathrm{req}(w)$, which then corresponds to the marking of $P_{cut}$. 


LEMMA 3.8. Let $(u, v, w)$ be a partial computation in $\mathcal{S}$ and $q$ be some state such that 
$\iota \xrightarrow{u} q$ in $\mathcal{S}$. There exists some firable rule sequence $s$ in $\mathcal{S}^\circ$ which leads to the marking $\mu^\circ_s$ 
such that 

(a) $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_v$, 
(b) $\pi^{-1}_{out}(\mu^\circ_s|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_u$, 
(c) $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) = \mathrm{req}(w)$, 
(d) $\iota \xrightarrow{s} q$ in $\mathcal{S}^\circ$. 


Proof. We proceed by induction over the length of $u$. If $|u| = 0$ then $u = \varepsilon$, $q = \iota$, 
$v = \varepsilon$ and $w = \varepsilon$. The empty firing sequence of $\mathcal{S}^\circ$ satisfies the four above properties 
because $\mu^\circ_{in} = \pi_{pre}(\mu_{in})$. Induction step: We consider some partial computation $(u', v', w')$ 
with $|u'| = n + 1$. We put $u' = u.a$ with $|u| = n$ and $\iota \xrightarrow{u} q \xrightarrow{a} q'$. Let $K_{u'}$, $K_{v'}$ and $K_{w'}$ 
be three labeled causal nets such that $K_{u'} \in [u']_{\mu_{in}} \cap [v'.w']_{\mu_{in}}$, $K_{v'} \in [v']_{\mu_{in}}$ is a prefix of 
$K_{u'}$ and $K_{w'} \in [w']_{\mu_{v'}}$ is the corresponding suffix. We know that $K_{u'}$ is obtained from some 
process $K_u \in [u]_{\mu_{in}}$ by adding an event $e_a$ that corresponds to an occurrence of rule $a$. We 
distinguish two cases. 


1. Event $e_a$ occurs in $K_{w'}$. Then there is some rule sequence $w$ such that $K_{w'} \in [w.a]_{\mu_{v'}}$ 
and $K_u \in [v'.w]_{\mu_{in}}$, so $(u, v', w)$ is a partial computation of length $n$; we write $v$ for $v'$ below. By induction 
hypothesis there exists some firable computation sequence $s$ in $\mathcal{S}^\circ$ such that the four 
above properties are satisfied. In particular, $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) = \mathrm{req}(w)$. Moreover Prop. 3.5 
ensures that $\mathrm{req}(w.a) \leq \mu_v$ because $K_{w'} \in [w.a]_{\mu_v}$. Furthermore we have on one 
hand $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) = \mathrm{req}(w) \leq \mathrm{req}(w.a)$; and on the other hand $\mathrm{req}(w.a) \leq \mu_v$, i.e. 
$\mathrm{req}(w.a) \leq \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre})$. Therefore 
$$\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \leq \mathrm{req}(w.a) \leq \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}).$$ 
It follows that there is some multiset of places $\tilde\mu \in \mathbb{N}^P$ such that $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \tilde\mu = 
\mathrm{req}(w.a)$ with $\pi_{pre}(\tilde\mu) \leq \mu^\circ_s|P_{pre}$. We consider a sequence of transitions $\lambda \in (\to_{cut})^*$ in 
$\mathcal{S}^\circ$ which consumes the multiset of tokens $\pi_{pre}(\tilde\mu)$ and produces the multiset of tokens 
$\pi_{cut}(\tilde\mu) + \pi_{out}(\tilde\mu)$. We have 
$${}^\bullet a + \mu_v - \mu_u = {}^\bullet a + \mathrm{cost}(w) \leq \max(\mathrm{req}(w), {}^\bullet a + \mathrm{cost}(w)) = \mathrm{req}(w.a).$$ 
Hence $\mu_u - \mu_v + \mathrm{req}(w.a) \geq {}^\bullet a$. On the other hand 
$$\mu_u - \mu_v + \mathrm{req}(w.a) = \mu_u - \mu_v + \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \tilde\mu = \mu_u - \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) + \tilde\mu = \pi^{-1}_{out}(\mu^\circ_s|P_{out}) + \tilde\mu.$$ 
Hence $\pi^{-1}_{out}(\mu^\circ_{s.\lambda}|P_{out}) = \pi^{-1}_{out}(\mu^\circ_s|P_{out}) + \tilde\mu \geq {}^\bullet a$. It follows that $s' = s.\lambda.\tau_{out}(a)$ is a firable 
computation sequence of $\mathcal{S}^\circ$. The latter satisfies the required conditions: 

(a) $\pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) = \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) - \tilde\mu$ and $\pi^{-1}_{cut}(\mu^\circ_{s'}|P_{cut}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \tilde\mu$, 
hence $\pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) + \pi^{-1}_{cut}(\mu^\circ_{s'}|P_{cut}) = \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) + \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) = \mu_v = \mu_{v'}$. 

(b) $\pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) = \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) - \tilde\mu$ and $\pi^{-1}_{out}(\mu^\circ_{s'}|P_{out}) = \pi^{-1}_{out}(\mu^\circ_s|P_{out}) + \tilde\mu - {}^\bullet a + a^\bullet$, 
therefore $\pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) + \pi^{-1}_{out}(\mu^\circ_{s'}|P_{out}) = \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) + \pi^{-1}_{out}(\mu^\circ_s|P_{out}) - {}^\bullet a + a^\bullet = \mu_u - {}^\bullet a + a^\bullet = \mu_{u.a} = \mu_{u'}$. 

(c) $\pi^{-1}_{cut}(\mu^\circ_{s'}|P_{cut}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \tilde\mu = \mathrm{req}(w.a) = \mathrm{req}(w')$. 

(d) $\iota \xrightarrow{s'} q'$ in $\mathcal{S}^\circ$, since the transitions of $\lambda$ are self-loops and $\tau_{out}(a)$ leads from $q$ to $q'$. 


2. Event $e_a$ occurs in $K_{v'}$. Then there exists some $v$ such that $K_{v'} \in [v.a]_{\mu_{in}}$ and $K_u \in 
[v.w']_{\mu_{in}}$. It follows that $(u, v, w')$ is a partial computation of length $n$. By induction 
hypothesis, there exists some firable computation sequence $s$ in $\mathcal{S}^\circ$ such that the four 
above properties are satisfied. Then we have 
$${}^\bullet a \leq \mu_v - \mathrm{req}(w') = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) - \pi^{-1}_{cut}(\mu^\circ_s|P_{cut})  = \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}).$$ 
Therefore $\tau_{pre}(a)$ can be fired from the marking $\mu^\circ_s$ and we get a new firable computation 
sequence $s' = s.\tau_{pre}(a)$. The latter fulfills the required properties. 

(a) We have $\pi^{-1}_{cut}(\mu^\circ_{s'}|P_{cut}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut})$ and $\pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) = \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) - {}^\bullet a + a^\bullet$, 
hence $\pi^{-1}_{cut}(\mu^\circ_{s'}|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) = \mu_v - {}^\bullet a + a^\bullet = \mu_{v.a} = \mu_{v'}$. 

(b) Since $\pi^{-1}_{out}(\mu^\circ_{s'}|P_{out}) = \pi^{-1}_{out}(\mu^\circ_s|P_{out})$ and $\pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) = \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) - {}^\bullet a + a^\bullet$, 
we get $\pi^{-1}_{out}(\mu^\circ_{s'}|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_{s'}|P_{pre}) = \mu_u - {}^\bullet a + a^\bullet = \mu_{u.a} = \mu_{u'}$. 

(c) $\pi^{-1}_{cut}(\mu^\circ_{s'}|P_{cut}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) = \mathrm{req}(w')$. 

(d) $\iota \xrightarrow{s'} q'$ in $\mathcal{S}^\circ$. □ 


LEMMA 3.9. Let $(u, v, w)$ be a partial computation and $a \in R$ be a rule such that ${}^\bullet a + 
\mathrm{req}(w) \leq \mu_v$. If $u.a \in CS(\mathcal{S})$ then $(u.a, v.a, w)$ is a partial computation. 

Proof. Let $K_u \in [u]_{\mu_{in}}$ and let $K_v \in [v]_{\mu_{in}}$ be a prefix of $K_u$. Since $w$ is firable from 
$\mathrm{req}(w)$, there exists some labeled causal net $K_w \in [w]_{\mathrm{req}(w)}$. We can build a process $K'_u$ 
of $u$ which admits $K_v$ as prefix and such that the suffix $K'_u \setminus K_v$ corresponds to $K_w$. In 
particular only $\mathrm{req}(w)$ tokens from the multiset $\mu_v$ reached by $K_v$ are consumed by $K_w$. 
Then we can add an occurrence of rule $a$ to $K'_u$ which consumes ${}^\bullet a$ remaining tokens from 
$\mu_v - \mathrm{req}(w)$. □ 

Conversely we need to show that the marking of $P_{pre} \cup P_{cut}$ reached after any firable 
transition sequence $s$ of $\mathcal{S}^\circ$ corresponds to a prefix-reachable marking of $\mathcal{S}$, i.e. to some 
partial computation $(u, v, w)$. To do so, we have to build a firable rule sequence $u \in FCS(\mathcal{S})$, 
a process $K_u \in [u]_{\mu_{in}}$ and a prefix $K_v \in [v]_{\mu_{in}}$ inductively from $s$. At each step the state 
reached by $s$ coincides with the state reached by $u$. When $\mathcal{S}^\circ$ applies an additional labeled 
arc $a$, the corresponding partial computation is either $(u, v, w)$ if $a \in \to_{cut}$, or $(u.r, v, w.r)$ 
if $a \in \to_{out}$, or $(u.r, v.r, w)$ if $a \in \to_{pre}$. In this last case, the rule $r$ and the sequence of 
rules $w$ can be performed concurrently: Formally we shall establish that ${}^\bullet r + \mathrm{req}(w) \leq \mu_v$. 
This property follows actually from the fact that $w$ can be fired from the marking obtained 
by the tokens transferred from $P_{pre}$ to $P_{cut}$, i.e. $\pi_{cut}(\mathrm{req}(w)) \leq \mu^\circ_s|P_{cut}$. 


LEMMA 3.10. Let $s$ be a firable rule sequence in $\mathcal{S}^\circ$ leading to the state $q$ and the marking 
$\mu^\circ_s$. There exists some partial computation $(u, v, w)$ of $\mathcal{S}$ such that 

(a) $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_v$, 
(b) $\pi^{-1}_{out}(\mu^\circ_s|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_u$, 
(c) $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \geq \mathrm{req}(w)$, and 
(d) $\iota \xrightarrow{u} q$ in $\mathcal{S}$. 


Proof. We proceed by induction over the length of $s$. If $|s| = 0$ then $s = \varepsilon$; the empty partial 
computation $(\varepsilon, \varepsilon, \varepsilon)$ satisfies the four requirements because $\mu^\circ_{in} = \pi_{pre}(\mu_{in})$. Induction 
step: Let $s.a$ be a firable computation sequence of length $n + 1$. By induction hypothesis, 
there exists some partial computation $(u, v, w)$ which fulfills the four above requirements for $s$. 
We distinguish three cases: 

1. $a \in \to_{cut}$, i.e. $q \xrightarrow{a} q$ in $\mathcal{S}^\circ$. Then we can check that $(u, v, w)$ satisfies the four requirements for $s.a$. 
(a) $\pi^{-1}_{cut}(\mu^\circ_{s.a}|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_{s.a}|P_{pre}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_v$. 
(b) $\pi^{-1}_{out}(\mu^\circ_{s.a}|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_{s.a}|P_{pre}) = \pi^{-1}_{out}(\mu^\circ_s|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_u$. 
(c) We have $\pi^{-1}_{cut}(\mu^\circ_{s.a}|P_{cut}) \geq \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \geq \mathrm{req}(w)$. 
(d) $\iota \xrightarrow{u} q$ by induction hypothesis. 

2. $a \in \to_{out}$ and $q \xrightarrow{a} q'$ in $\mathcal{S}^\circ$. Then $(\pi^{-1}_{out}({}^\bullet a|P_{out}), \pi^{-1}_{out}(a^\bullet|P_{out}))$ is an arc $q \xrightarrow{r} q'$ in $\mathcal{S}$ and $u.r$ is a computation sequence of 
$\mathcal{S}$. Moreover $\pi^{-1}_{out}({}^\bullet a|P_{out}) = {}^\bullet r$ and $\pi^{-1}_{out}(a^\bullet|P_{out}) = r^\bullet$. Furthermore ${}^\bullet a \leq \mu^\circ_s$, hence ${}^\bullet r \leq 
\pi^{-1}_{out}(\mu^\circ_s|P_{out}) \leq \mu_u$. By Lemma 3.7 we know that $(u.r, v, w.r)$ is a partial computation 
of $\mathcal{S}$. Moreover 
(a) $\pi^{-1}_{cut}(\mu^\circ_{s.a}|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_{s.a}|P_{pre}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_v$. 
(b) $\pi^{-1}_{out}(\mu^\circ_{s.a}|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_{s.a}|P_{pre}) = \pi^{-1}_{out}(\mu^\circ_s|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) + \pi^{-1}_{out}(a^\bullet - {}^\bullet a|P_{out}) = 
\mu_u - {}^\bullet r + r^\bullet = \mu_{u.r}$. 
(c) We have $\mu^\circ_{s.a}|P_{cut} = \mu^\circ_s|P_{cut}$. Moreover ${}^\bullet a \leq \mu^\circ_s$, hence 
$$\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \geq \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{out}({}^\bullet a - \mu^\circ_s|P_{out}) = \pi^{-1}_{out}({}^\bullet a|P_{out}) + (\mu_v - \mu_u) = {}^\bullet r + \mathrm{cost}(w).$$ 
Then $\pi^{-1}_{cut}(\mu^\circ_{s.a}|P_{cut}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \geq \max(\mathrm{req}(w), {}^\bullet r + \mathrm{cost}(w)) = \mathrm{req}(w.r)$. 
(d) $\iota \xrightarrow{u} q$ and $q \xrightarrow{r} q'$, hence $\iota \xrightarrow{u.r} q'$. 

3. $a \in \to_{pre}$ and $q \xrightarrow{a} q'$ in $\mathcal{S}^\circ$. Then $a = \tau_{pre}(r)$ for some arc $q \xrightarrow{r} q'$ in $\mathcal{S}$, so $u.r$ is a computation sequence of $\mathcal{S}$. Moreover 
$\pi^{-1}_{pre}({}^\bullet a|P_{pre}) = {}^\bullet r$ and $\pi^{-1}_{pre}(a^\bullet|P_{pre}) = r^\bullet$. We observe first that 
(a) $\pi^{-1}_{cut}(\mu^\circ_{s.a}|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_{s.a}|P_{pre}) = \mu_v - \pi^{-1}_{pre}({}^\bullet a|P_{pre}) + \pi^{-1}_{pre}(a^\bullet|P_{pre}) = \mu_{v.r}$ 
(b) $\pi^{-1}_{out}(\mu^\circ_{s.a}|P_{out}) + \pi^{-1}_{pre}(\mu^\circ_{s.a}|P_{pre}) = \mu_u - \pi^{-1}_{pre}({}^\bullet a|P_{pre}) + \pi^{-1}_{pre}(a^\bullet|P_{pre}) = \mu_{u.r}$ 
(c) $\pi^{-1}_{cut}(\mu^\circ_{s.a}|P_{cut}) = \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \geq \mathrm{req}(w)$ 
(d) $q \xrightarrow{r} q'$ in $\mathcal{S}$, hence $\iota \xrightarrow{u.r} q'$. 
Since $\mu^\circ_s \geq {}^\bullet a$, we have $\pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) \geq \pi^{-1}_{pre}({}^\bullet a|P_{pre})$. On the other hand, $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \geq 
\mathrm{req}(w)$; hence $\pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) + \pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) \geq \pi^{-1}_{pre}({}^\bullet a|P_{pre}) + \mathrm{req}(w)$, i.e. $\mu_v \geq {}^\bullet r + \mathrm{req}(w)$. 
By Lemma 3.9, $(u.r, v.r, w)$ is a partial computation. □ 


We are now ready to prove Prop. 3.2. Let $\mu$ be the marking reached by a prefix $K'$ of 
a process $K \in [\mathcal{S}]$. According to Prop. 3.6, there exists some partial computation $(u, v, w)$ 
such that $\mu_v = \mu$. By Lemma 3.8, there exists some firable rule sequence $s$ in $\mathcal{S}^\circ$ such that 
$\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_v = \mu$. Conversely if $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu$ for 
some firable rule sequence $s$ in $\mathcal{S}^\circ$ then Lemma 3.10 ensures that there exists some partial 
computation $(u, v, w)$ such that $\pi^{-1}_{cut}(\mu^\circ_s|P_{cut}) + \pi^{-1}_{pre}(\mu^\circ_s|P_{pre}) = \mu_v$. Moreover Prop. 3.6 
asserts that $\mu_v$ is the marking reached by some prefix $K'$ of some process $K \in [\mathcal{S}]$. 


3.3 Analysis of prefix-reachable markings 


At present we make use of the properties of the PNS $\mathcal{S}^\circ$, in particular Prop. 3.2, in order 
to derive some techniques to analyse the set of prefix-reachable markings of $\mathcal{S}$. First, the 
prefix-boundedness problem asks whether the set of prefix-reachable markings of a given 
PNS $\mathcal{S}$ is finite. It is easy to prove that the PNS $\mathcal{S}$ is prefix-bounded if and only if the PNS 
$\mathcal{S}^\circ$ is bounded, which can be checked by means of the usual linear simulation by a Petri 
net. Moreover, prefix-boundedness is equivalent to boundedness in the particular case of 
Petri nets because the set of processes of a Petri net is closed under prefixes. Thus, 


THEOREM 3.11. The prefix-boundedness problem of PNSs is computationally equivalent to 
the boundedness problem of Petri nets. 


Proof. It is clear from Prop. 3.2 that if $\mathcal{S}^\circ$ is bounded then there are finitely many prefix-
reachable markings in $\mathcal{S}$. Conversely, assume that $\mathcal{S}$ is prefix-bounded. Then there exists 
some $M \in \mathbb{N}$ such that $\mu_u(p) \leq M$ and $\mu_v(p) \leq M$ for all partial computations $(u, v, w)$ 
of $\mathcal{S}$ and all places $p \in P$. Then Lemma 3.10 ensures that if a firable rule sequence of $\mathcal{S}^\circ$ 
leads to some marking $\mu^\circ$ then $\mu^\circ(p) \leq M$ for each place $p$ of $\mathcal{S}^\circ$. □ 

Second, the prefix-covering problem asks whether a given multiset of places $\mu \in \mathbb{N}^P$ is 
covered by some prefix-reachable marking $\mu' \in \mathbb{N}^P$, i.e. $\mu(p) \leq \mu'(p)$ for all $p \in P$. It is 
easy to see that $\mu$ is prefix-covered in $\mathcal{S}$ if and only if the multiset of places $\pi_{cut}(\mu)$ is 
covered by some reachable marking of $\mathcal{S}^\circ$. Thus, 


THEOREM 3.12. The prefix-covering problem for PNSs is computationally equivalent to 
the covering problem in Petri nets. 

Proof. The prefix-covering problem is equivalent to the covering problem in the particular 
case of Petri nets. Thus the prefix-covering problem of PNSs is as difficult as the covering 
problem of Petri nets. Moreover the coverability of a given marking by the reachable 
markings of a PNS can be checked by means of the linear simulation of a PNS by a 
Petri net. Thus we need simply to show that a marking $\mu_0$ is prefix-covered in $\mathcal{S}$ if and 
only if the multiset of places $\pi_{cut}(\mu_0)$ is covered by some reachable marking of $\mathcal{S}^\circ$. 

Let $\mu_0 \in \mathbb{N}^P$ be a multiset of places. Assume first that $\mu_0$ is covered by some prefix-
reachable marking $\mu$ of $\mathcal{S}$: $\mu_0 \leq \mu$. By Prop. 3.2, there exists some reachable marking $\mu^\circ$ 
in $\mathcal{S}^\circ$ such that $\mu = \pi^{-1}_{pre}(\mu^\circ|P_{pre}) + \pi^{-1}_{cut}(\mu^\circ|P_{cut})$. Due to the self-loop labeled arcs from $\to_{cut}$ 
in $\mathcal{S}^\circ$, we can assume that $\mu^\circ|P_{pre} = 0$, hence $\pi_{cut}(\mu) = \mu^\circ|P_{cut}$ and $\pi_{cut}(\mu_0) \leq \mu^\circ|P_{cut}$. 

Conversely, assume now that $\pi_{cut}(\mu_0) \leq \mu^\circ$ for some reachable marking $\mu^\circ$ of $\mathcal{S}^\circ$. Then, 
by Lemma 3.10 and Prop. 3.6, $\mu_0 \leq \pi^{-1}_{cut}(\mu^\circ|P_{cut}) \leq \mu_v$ for some prefix-reachable marking $\mu_v$ 
of $\mathcal{S}$. □ 

Last but not least, the prefix-reachability problem asks whether a given multiset of 
places is prefix-reachable in $\mathcal{S}$. Let us consider a slight modification $\mathcal{S}'$ of $\mathcal{S}^\circ$ where for each 
place $p \in P_{out}$, each state $q$ of $\mathcal{S}^\circ$ is provided with an additional self-loop labeled arc which 
carries a rule that consumes a token from $p$ and produces nothing. Then a multiset $\mu$ of 
places is prefix-reachable in $\mathcal{S}$ if and only if $\pi_{cut}(\mu)$ is reachable in $\mathcal{S}'$. Thus, 


THEOREM 3.13. The prefix-reachability problem of PNSs is computationally equivalent to 
the reachability problem of Petri nets. 


Proof. The prefix-reachability problem is equivalent to the reachability problem in the 
particular case of Petri nets. Thus the prefix-reachability problem of PNSs is as difficult 
as the reachability problem of Petri nets. Moreover the reachability of a given 
marking in a PNS can be checked by means of the linear simulation of a PNS by a Petri 
net. Thus we need simply to show that a multiset $\mu$ of places is prefix-reachable in $\mathcal{S}$ if and 
only if $\pi_{cut}(\mu)$ is reachable in $\mathcal{S}'$. 

Let $\mu \in \mathbb{N}^P$ be a multiset of places. Assume first that $\mu$ is prefix-reachable in $\mathcal{S}$. 
By Prop. 3.2, there exists some reachable marking $\mu^\circ$ in $\mathcal{S}^\circ$ such that $\mu = \pi^{-1}_{pre}(\mu^\circ|P_{pre}) + 
\pi^{-1}_{cut}(\mu^\circ|P_{cut})$. Due to the self-loop labeled arcs from $\to_{cut}$ in $\mathcal{S}^\circ$, we can assume that 
$\mu^\circ|P_{pre} = 0$, hence $\pi_{cut}(\mu) = \mu^\circ|P_{cut}$. Then $\pi_{cut}(\mu)$ is reachable in $\mathcal{S}'$ because the additional 
self-loop labeled arcs of $\mathcal{S}'$ enable us to remove all tokens in all places from $P_{out}$. 

Conversely, assume that $\pi_{cut}(\mu)$ is reachable in $\mathcal{S}'$. Then there exists some reachable 
marking $\mu^\circ$ in $\mathcal{S}^\circ$ such that $\pi_{cut}(\mu) = \mu^\circ|P_{cut}$ and $\mu^\circ|P_{pre} = 0$. It follows from Lemma 3.10 
and Prop. 3.6 that $\mu$ is prefix-reachable in $\mathcal{S}$. □ 


4 Checking MSO properties of processes 


In this section we show how to check effectively whether all processes of a given bounded 
Petri net with states $\mathcal{S}$ satisfy a formula $\psi$ expressed in monadic second-order (MSO) logic. 
To the best of our knowledge, this model-checking problem has not been tackled yet, even 
in the particular case of Petri nets. Our approach is rather simple and relies only on Büchi's 
Theorem [5] which states the equivalence between the definability of a set of words by an 
MSO formula and its recognizability by a finite word automaton. 

In the rest of this section, we fix a bounded PNS $\mathcal{S}$ with an initial marking $\mu_{in}$ over the 
finite set of places $P$ and the finite set of rules $R$. In order to simplify the presentation of 
our result, we consider in this section that the events of a process are labeled by a rule 
instead of a rule name. The MSO logic we consider applies to the class of partial orders 
whose nodes are labeled by letters from the disjoint union $\Sigma' = P \cup R$, which includes in 
particular the processes of each rule sequence $s \in R^*$. Thus the models we consider here 
are triples $(N, \leq, \lambda)$ where $N$ is a finite set of nodes, $\leq$ is a partial order over $N$, and $\lambda$ is 
a mapping from $N$ to $\Sigma' = P \cup R$. 


4.1 MSO logic over words and labeled partial orders 


Formulae of the MSO logic that we consider involve first-order variables $x, y, z, \ldots$ for 
nodes and second-order variables $X, Y, Z, \ldots$ for sets of nodes. They are built up from the 
atomic formulae $P_a(x)$ for $a \in \Sigma'$ (which stands for "the node $x$ is labeled by the letter 
$a$"), $x \leq y$, and $x \in X$ by means of the Boolean connectives $\neg, \vee, \wedge, \to$, and quantifiers 
$\exists, \forall$ (both for first-order and for set variables). Formulae without free variables are called 
sentences. 

The satisfaction relation $\models$ between a labeled partial order $(N, \leq, \lambda)$ and a sentence is 
defined canonically with the understanding that first-order variables range over nodes of 
$N$ and second-order variables over subsets of $N$. The class of labeled partial orders which 
satisfy a sentence $\varphi$ is denoted by $\mathrm{Mod}(\varphi)$. We say that a class of labeled partial orders $\mathcal{L}$ 
is MSO-definable if there exists a sentence $\varphi$ such that $\mathcal{L} = \mathrm{Mod}(\varphi)$. 


4.2 A technique to decide $\mathcal{S} \models \psi$ 


Since $\mathcal{S}$ is bounded, we can compute and fix some natural number $B$ such that each 
reachable marking $\mu$ of $\mathcal{S}$ is $B$-bounded, that is, $\mu(p) \leq B$ for each $p \in P$. A rule sequence 
$s = r_1 \ldots r_m \in R^*$ firable from $\mu_{in}$ is said to be $B$-bounded if the marking reached by each 
prefix $r_1 \ldots r_i$ is $B$-bounded. In particular any firable computation sequence of $\mathcal{S}$ is 
$B$-bounded. 

We fix a word $w_{in} \in P^*$ that is a linear extension of $\mu_{in}$, i.e. $|w_{in}|_p = \mu_{in}(p)$ for all $p \in P$. 
Similarly, for each rule $r \in R$, we fix a word $w_r = r.w'_r$ where $|w'_r|_p = r^\bullet(p)$ for all $p \in P$. 
Then for each rule sequence $s = r_1 \ldots r_m \in R^*$, the sequence $w_s = w_{in}.w_{r_1} \ldots w_{r_m}$ is called 
the representative word of $s$. As usual, we will regard $w_s$ as a linearly ordered set of nodes 
labeled by letters from $\Sigma'$ and we will write $w_s = (N, <, \lambda)$ where $N$ is a set of nodes, $<$ 
is a total order over $N$, and $\lambda : N \to \Sigma'$ is a labeling. Nodes labeled by a place are called 
place nodes whereas nodes labeled by a rule are called rule nodes. Interestingly, $w_s$ is a 
linear extension of any process of $s$, where the place nodes following a rule node labeled 
by $r$ correspond to the multiset of tokens $r^\bullet$ produced by this occurrence of $r$. 

In order to recover a process of $s$ from the representative word $w_s$, we need to specify 
which available tokens are consumed by each occurrence of rule. To do so, we use a coloring 
of the place nodes of $w_s$ so that at each step all available tokens in a given place get distinct 
colors. Moreover we also provide rule nodes with a series of other colors in order to specify 
which tokens are consumed at each step of $s$. 

Fig. 16. A process coloring of $w_s = xyzpzxcy$ and the corresponding process. 


DEFINITION 4.1. Let $w = (N, <, \lambda)$ be a linear order of nodes labeled by $\Sigma'$. A process 
coloring of $w$ consists of 

— a partition $C = \{C_1, \ldots, C_B\}$ of the set of place nodes; a place node $n \in N$ is said to be 
colored by $k$ in place $p$ if $\lambda(n) = p$ and $n \in C_k$; 

— for each place $p \in P$ and each $k \in [1..B]$, a subset of rule nodes $D_{p,k}$; we say that a rule 
node $n \in N$ consumes a token colored by $k$ in place $p$ if $n \in D_{p,k}$. 

Moreover the three next conditions must be satisfied: 

$PC_1$: For each rule node $n$, for each place $p \in P$: $\#\{k \in [1..B] \mid n \in D_{p,k}\} = ({}^\bullet\lambda(n))(p)$; 

$PC_2$: For each place $p \in P$ and each color $k \in [1..B]$, any two place nodes colored by $k$ 
in place $p$ are separated by some rule node which consumes a token colored by $k$ in 
place $p$; 

$PC_3$: For each rule node $n$ which consumes a token colored by $k$ in place $p$, there exists 
some preceding place node $n' < n$ colored by $k$ in place $p$ such that no rule node 
between $n'$ and $n$ consumes a token colored by $k$ in place $p$. 


Intuitively a place node $n$ belongs to $C_k$ if it describes a token colored by $k$ in place $\lambda(n) \in P$. 
A rule node $n$ belongs to $D_{p,k}$ if it describes an occurrence of the rule $\lambda(n) \in R$ which 
consumes a token colored by $k$ in place $p$. Thus the condition $PC_1$ asserts that $n$ consumes 
the appropriate multiset of tokens in each place, provided that these tokens have distinct 
colors. Precisely $PC_2$ guarantees that the colors given to new tokens produced by the 
occurrence of a rule in a place differ from the colors used by available tokens in this place. 
It ensures also that the tokens produced in some place by the occurrence of a rule get 
distinct colors. Consequently, at each step all available tokens in a place have distinct 
colors. In order to recover a process of $s$ from a process coloring of $w_s$, we have to make 
sure that there are enough available tokens when each rule is applied. The last requirement 
$PC_3$ guarantees that for each rule node which consumes a token colored by $k$ in place $p$, 
some token of this kind occurred before the rule and has not been consumed in between. 

We can show that the notion of process coloring characterizes the linear extensions of 
processes and allows us to recover a process from a word. This property is established by the 
two next statements (Prop. 4.2 and 4.3). Consider for instance the rule sequence $s = p.c$ 
from the initial marking $\mu_{in} = \{x, y, z\}$ where $p: x \to x + z$ and $c: y + z \to y$. A process 
coloring of $w_s = xyzpzxcy$ with $B = 2$ is given by the table on the left-hand side of 
Fig. 16. The corresponding process is depicted on the right-hand side of Fig. 16. 
PROPOSITION 4.2. Let $w_s = (N, <, \lambda)$ be a linear order of nodes labeled by $\Sigma'$ which cor-
responds to the representative word of a rule sequence $s \in R^*$. Let $C = (C_k)_{k \in [1..B]}$ and 
$D = (D_{p,k})_{p \in P, k \in [1..B]}$ be a process coloring of $w_s$. Let $\prec$ be the binary relation over $N$ such 
that $x \prec y$ if 

— either $x$ is a rule node and $y$ is a following place node with no rule node in between, 

— or $y$ is a rule node and $x$ is a preceding place node colored by $k$ in place $p$ such that $y$ 
consumes a token colored with $k$ in place $p$ and no rule node between $x$ and $y$ consumes 
a token colored with $k$ in place $p$. 

Let $\leq$ be the reflexive and transitive closure of $\prec$. Then the labeled partial order $(N, \leq, \lambda)$ 
is a process of $s$ firable from $\mu_{in}$, denoted by $K_{C,D}(s)$. Moreover $s$ is $B$-bounded. 


Proof. We proceed by induction over the length of $s$. The base case where $|s| = 0$ is 
trivial because $\prec$ is empty and $\mu_{in}(p) \leq B$ for each $p \in P$. Induction step. Let $s = r_1 \ldots r_m$ 
be a rule sequence of length $m \geq 1$ and $w_s = (N, <, \lambda)$ be its representative word. Let 
$(C, D)$ be a process coloring of $w_s$. We consider the subsequence $s' = r_1 \ldots r_{m-1}$ and its 
representative word $w_{s'} = (N', <, \lambda)$ with $N' \subseteq N$. It is easy to check that the restriction 
of the process coloring $(C, D)$ to the nodes from $N'$ is a process coloring of $w_{s'}$. Let $\prec'$ be 
the corresponding binary relation over $N'$ and $\leq'$ be the corresponding partial order. By 
induction hypothesis, $(N', \leq', \lambda)$ is a process $K'$ of $s'$ and $s'$ is a rule sequence firable from 
$\mu_{in}$ and $B$-bounded. Note that the binary relation $\prec$ is acyclic. Moreover the restriction 
of $(N, \leq, \lambda)$ to nodes of $N'$ is precisely the process $K' = (N', \leq', \lambda)$ of $s'$. We need to check 
that adding the nodes from $N \setminus N'$ to $K'$ according to $\prec$ yields a process of $s$. To do so, 
we check the three next properties: 

1. For each place $p \in P$, the rule node $n^\circ \in N \setminus N'$ corresponding to $r_m$ covers at most 
${}^\bullet r_m(p)$ place nodes labeled by $p$, i.e. $\#\{n \in N' \mid n \prec n^\circ \wedge \lambda(n) = p\} \leq {}^\bullet r_m(p)$. This 
follows from $PC_1$ and $PC_2$. 

2. For each place $p \in P$, the rule node $n^\circ \in N \setminus N'$ corresponding to $r_m$ covers at least 
${}^\bullet r_m(p)$ place nodes labeled by $p$, i.e. $\#\{n \in N' \mid n \prec n^\circ \wedge \lambda(n) = p\} \geq {}^\bullet r_m(p)$. This 
follows from $PC_1$ and $PC_3$. 

3. The conditions do not branch, i.e. for each place node $n \in N$, if $n \prec n_1$ and $n \prec n_2$ then 
$n_1 = n_2$. This is ensured by the definition of $\prec$ itself. 

It follows that the labeled partial order $K = (N, \leq, \lambda)$ is a process of $s$. Thus $s$ is firable 
from $\mu_{in}$. Finally for each place $p$ and each color $k$, $PC_2$ guarantees that at most one place 
node colored by $k$ in place $p$ is not covered by a rule node. Therefore the marking $\mu$ reached 
by the process $K$ satisfies $\mu(p) \leq B$ for all $p \in P$. Thus $s$ is $B$-bounded. □ 

Thus each process coloring of $w_s$ yields a process from $[s]_{\mu_{in}}$. Consequently $s$ is firable 
from $\mu_{in}$ as soon as it admits a process coloring. With no surprise $s$ has to be $B$-bounded, 
too. Conversely the next result asserts that each process of any rule sequence $s$ firable from 
$\mu_{in}$ can be obtained by some process coloring of $w_s$, provided that $s$ is $B$-bounded. 
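Def. 4.1 and the construction of Prop. 4.2 made executable on the example of Fig. 16, as an added example (not code from the paper): it builds the representative word $w_s = xyzpzxcy$ of $s = p.c$ from $\mu_{in} = \{x, y, z\}$, checks the conditions $PC_1$ to $PC_3$ for a given coloring $(C, D)$, and derives the partial order $\leq$ of $K_{C,D}(s)$ together with the marking it reaches. The node indices, the two valid colorings (one in which $c$ consumes the initial $z$, one in which it consumes the $z$ produced by $p$) and the invalid coloring are constructed here; the table of Fig. 16 is not reproduced. The example goes beyond the figure in that it exhibits two colorings of the same word that yield non-isomorphic processes, which is the situation Section 4.3 refers to.

```python
"""Process colorings (Def. 4.1) and the process they encode (Prop. 4.2), worked
on the example of Fig. 16: s = p.c from mu_in = {x, y, z} with p: x -> x + z and
c: y + z -> y, bound B = 2.  Added example, not code from the paper; the node
indices and the colorings are constructed here (the table of Fig. 16 is not
reproduced)."""

PLACES = ("x", "y", "z")
W_IN = "xyz"  # fixed linear extension of mu_in = {x, y, z}
RULES = {  # rule name -> (pre-multiset, fixed word w'_r listing r^bullet)
    "p": ({"x": 1}, "zx"),
    "c": ({"y": 1, "z": 1}, "y"),
}
B = 2


def representative_word(s):
    """w_s = w_in . w_r1 ... w_rm with w_r = r . w'_r, as a list of node labels."""
    word = list(W_IN)
    for r in s:
        word.append(r)
        word.extend(RULES[r][1])
    return word


def is_rule(word, n):
    return word[n] in RULES


def check_process_coloring(word, color, D, bound=B):
    """color: place-node index -> k in 1..bound (the partition C_1, ..., C_B).
    D: (place, k) -> set of rule-node indices consuming a token colored k there.
    Returns the violated conditions among PC1, PC2, PC3 (empty list = valid)."""
    violated = set()
    nodes = range(len(word))
    for n in [n for n in nodes if is_rule(word, n)]:
        pre = RULES[word[n]][0]
        for q in PLACES:  # PC1: exactly pre(r)(q) distinct colours consumed in q
            if sum(n in D.get((q, k), ()) for k in range(1, bound + 1)) != pre.get(q, 0):
                violated.add("PC1")
    for q in PLACES:
        for k in range(1, bound + 1):
            consumers = sorted(D.get((q, k), ()))
            same = [n for n in nodes if not is_rule(word, n) and word[n] == q and color.get(n) == k]
            for n1, n2 in zip(same, same[1:]):  # PC2: a consumer separates equal colours
                if not any(n1 < m < n2 for m in consumers):
                    violated.add("PC2")
            for m in consumers:  # PC3: some token of colour k precedes m unconsumed
                if not any(n < m and not any(n < m2 < m for m2 in consumers) for n in same):
                    violated.add("PC3")
    return sorted(violated)


def process_order(word, color, D):
    """Relation < of Prop. 4.2 and its reflexive-transitive closure, as the set
    of pairs (i, j) with node i below node j in K_{C,D}(s)."""
    size = len(word)
    reach = {(i, i) for i in range(size)}
    for i in range(size):
        if is_rule(word, i):  # rule node -> the place nodes it produces
            j = i + 1
            while j < size and not is_rule(word, j):
                reach.add((i, j))
                j += 1
        else:  # place node -> first later rule node consuming its colour in its place
            later = [m for m in sorted(D.get((word[i], color[i]), ())) if m > i]
            if later:
                reach.add((i, later[0]))
    for m in range(size):  # Warshall closure
        for i in range(size):
            for j in range(size):
                if (i, m) in reach and (m, j) in reach:
                    reach.add((i, j))
    return reach


def reached_marking(word, order):
    """Marking reached by the process: place nodes not below any rule node."""
    rules = [j for j in range(len(word)) if is_rule(word, j)]
    mu = {q: 0 for q in PLACES}
    for i in range(len(word)):
        if not is_rule(word, i) and not any((i, j) in order for j in rules):
            mu[word[i]] += 1
    return mu


# Constructed colorings of w_s = x y z p z x c y (nodes 0..7; 3 and 6 are rule nodes).
COLOR = {0: 1, 1: 1, 2: 1, 4: 2, 5: 1, 7: 1}  # the z produced by p gets colour 2
D_INITIAL_Z = {("x", 1): {3}, ("y", 1): {6}, ("z", 1): {6}}  # c consumes the initial z
D_NEW_Z = {("x", 1): {3}, ("y", 1): {6}, ("z", 2): {6}}  # c consumes the z made by p
COLOR_CLASH = {0: 1, 1: 1, 2: 1, 4: 1, 5: 1, 7: 1}  # two available z with one colour

if __name__ == "__main__":
    w = representative_word(["p", "c"])
    for D in (D_INITIAL_Z, D_NEW_Z):
        order = process_order(w, COLOR, D)
        print(check_process_coloring(w, COLOR, D), (3, 6) in order, reached_marking(w, order))
    print(check_process_coloring(w, COLOR_CLASH, D_INITIAL_Z))
```

With `D_INITIAL_Z` the two events (nodes 3 and 6) are incomparable in $K_{C,D}(s)$, so $p$ and $c$ are concurrent; with `D_NEW_Z` the token produced by $p$ flows into $c$ and $3 \leq 6$. Both processes reach the marking $\{x, y, z\}$, which is $2$-bounded as Prop. 4.2 asserts. `COLOR_CLASH` gives the two $z$ tokens available before $c$ the same colour and is rejected by $PC_2$.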


PROPOSITION 4.3. Let $s = r_1 \ldots r_m$ be a $B$-bounded rule sequence firable from $\mu_{in}$ and $K$ 
be a process of $s$. Then there exists a process coloring $(C, D)$ of the representative word $w_s$ 
such that $K_{C,D}(s)$ is isomorphic to $K$. 

Proof. We proceed by induction over the length of $s$. The base case where $|s| = 0$ is trivial 
because $\mu_{in}$ is $B$-bounded. Induction step. Let $K = (B \cup E, F^*, \lambda)$ be a process of $s = r_1 \ldots r_m$ 
of length $m \geq 1$ with set of conditions $B$ and set of events $E$. We consider the subsequence 
$s' = r_1 \ldots r_{m-1}$ and the prefix $K' = (B' \cup E', F^*, \lambda)$ of $K$ in which the event $e^\circ \in E$ 
corresponding to the last occurrence of $r_m$ and the subsequent conditions are removed. 
Clearly $K'$ is a process of $s'$. By induction hypothesis, there exists a process coloring 
$(C', D')$ of $w_{s'}$ such that $K_{C',D'}(s') = (N', \leq_{C',D'}, \lambda)$ is isomorphic to $K' = (B' \cup E', F^*, \lambda)$. 
We let $\sigma : B' \cup E' \to N'$ denote an isomorphism from $K'$ to $K_{C',D'}(s')$, i.e. a bijection such 
that 

— $x_1 F^* x_2$ iff $\sigma(x_1) \leq_{C',D'} \sigma(x_2)$ for all $x_1, x_2 \in B' \cup E'$ and 
— $\lambda(\sigma(x)) = \lambda(x)$ for all $x \in B' \cup E'$. 

We extend the bijection $\sigma : B' \cup E' \to N'$ to a bijection $\sigma : B \cup E \to N$ such that 

— $\sigma(e^\circ)$ is the rule node from $N \setminus N'$, and 
— each condition $c$ from $B \setminus B'$ maps to a place node $\sigma(c) \in N \setminus N'$ such that $\lambda(\sigma(c)) = \lambda(c)$. 

We extend also the process coloring $(C', D')$ to a process coloring $(C, D)$ of $w_s$ in two steps: 

1. For all places $p \in P$ and for all colors $k \in [1..B]$, the rule node $\sigma(e^\circ)$ belongs to $D_{p,k}$ if 
the event $e^\circ$ covers a condition $c$ such that the corresponding node $\sigma(c)$ is labeled by $p$ 
and colored by $k$, i.e. $\lambda(c) = p$ and $\sigma(c) \in C_k$. 

2. The colors of the additional place nodes from $N \setminus N'$ are chosen arbitrarily such that 
all maximal conditions of $K$ labeled by the same place $p$ have distinct colors. This is 
possible because the marking reached by $s$ is $B$-bounded. 

We can check that the resulting coloring $(C, D)$ is a process coloring. 

$PC_1$: Let $p \in P$ and $n^\circ = \sigma(e^\circ)$. Since $K$ is a process, $\#\{k \in [1..B] \mid n^\circ \in D_{p,k}\} \leq 
({}^\bullet\lambda(n^\circ))(p)$. We can check that all conditions labeled by $p$ and covered by the event 
$e^\circ$ have distinct colors, because of $PC_2$. Thus $\#\{k \in [1..B] \mid n^\circ \in D_{p,k}\} = ({}^\bullet\lambda(n^\circ))(p)$. 

$PC_2$: The required property holds for any two place nodes from $w_{s'}$, because $(C', D')$ is a 
process coloring. It holds also by construction for any two place nodes from $N \setminus N'$. It 
holds also obviously if one place node belongs to $N'$ and the other to $N \setminus N'$ because 
the rule node $n^\circ$ occurs in between. 

$PC_3$: The required property holds for each rule node $n \in N'$. Let $p \in P$ and $k \in [1..B]$ be 
such that $n^\circ \in D_{p,k}$. By definition of $D_{p,k}$, the event $e^\circ$ covers a condition $c$ such that 
the corresponding node $n = \sigma(c)$ is labeled by $p$ and colored by $k$. Moreover there is 
no rule node $n'$ between $n$ and $n^\circ$ with $n' \in D_{p,k}$. Otherwise the condition $c$ would 
be also covered by some event in $K'$, hence $c$ would be a branching condition in $K$. 

Recall that $\sigma$ maps each condition from $B \setminus B'$ to a place node from $N \setminus N'$ with the same 
label. All these conditions cover $e^\circ$ and all these place nodes cover $\sigma(e^\circ)$. To conclude, we 
need to check that for each place node $n \in N'$, we have $n \prec_{C,D} n^\circ$ in $K_{C,D}(s)$ if and only 
if $\sigma^{-1}(n) F e^\circ$ in $K$. 

Assume first that $n \prec_{C,D} n^\circ$. Then there exist a place $p \in P$ and a color $k \in [1..B]$ 
such that $\lambda(n) = p$, $n \in C_k$ and $n^\circ \in D_{p,k}$. Further there exists some condition $c$ in the 
process $K$ such that $c F e^\circ$, $\lambda(c) = p$ and $\sigma(c) \in C_k$. Then $\sigma(c) = n$ because of $PC_2$. Hence 
$\sigma^{-1}(n) F e^\circ$ in $K$. 

Conversely, assume now that $\sigma^{-1}(n) F e^\circ$ in $K$. Let $p = \lambda(n)$ and $k$ be the color such 
that $n \in C_k$. We have $n^\circ \in D_{p,k}$ according to the definition of $D_{p,k}$. No event in $K'$ covers 
$\sigma^{-1}(n)$ so there exists no rule node in $w_{s'}$ after $n$ which belongs to $D_{p,k}$. It follows that 
$n \prec_{C,D} n^\circ$. □ 

Thus the notion of process coloring characterizes the processes of any $B$-bounded rule 
sequence firable from $\mu_{in}$. 

Following the easy part of Büchi's Theorem, we can design an MSO formula $\phi_{\mathcal{S}}$ which 
defines the words $w = (N, <, \lambda)$ over $\Sigma'$ which are representative words of a computation 
sequence of $\mathcal{S}$. We can also design a formula $\phi_{pc}(C, D)$ with $B \times (|P| + 1)$ second-order 
free variables $C = (C_k)_{k \in [1..B]}$ and $D = (D_{k,p})_{k \in [1..B], p \in P}$ which characterizes the notion of 
a process coloring for a word $w = (N, <, \lambda)$ over $\Sigma'$. Moreover, by means of Prop. 4.2, 
we can build a formula $\phi_{\leq}(x, y, C, D)$ with two first-order free variables $x$ and $y$ and 
$B \times (|P| + 1)$ second-order free variables such that for any interpretation of $C = (C_k)_{k \in [1..B]}$ 
and $D = (D_{k,p})_{k \in [1..B], p \in P}$ and any interpretation of $x$ and $y$, $\phi_{\leq}(x, y, C, D)$ is satisfied if 
and only if we have $x \leq y$ in the process corresponding to the process coloring given by 
the interpretation. 

Let $\psi$ be an MSO sentence for labeled partial orders over $\Sigma'$. We consider the following 
formula $\psi_{\mathcal{S}}$ for words over $\Sigma'$: 
$$\psi_{\mathcal{S}} = \phi_{\mathcal{S}} \wedge \exists C\, \exists D\, \big(\phi_{pc}(C, D) \wedge \neg\psi'(C, D)\big)$$ 
where the formula $\psi'(C, D)$ is obtained from $\psi$ by replacing each occurrence of $x \leq y$ by 
$\phi_{\leq}(x, y, C, D)$. Thus a word satisfies $\psi_{\mathcal{S}}$ if (and only if) it is a representative word of a 
computation sequence $s$ of $\mathcal{S}$ for which there exists a process coloring which describes a 
process satisfying $\neg\psi$. In this way we get the main result of this section. 


THEOREM 4.4. Let $\mathcal{S}$ be a bounded PNS and $\psi$ be an MSO sentence over causal nets. All 
processes of $\mathcal{S}$ satisfy $\psi$ if and only if the word sentence $\psi_{\mathcal{S}}$ is not satisfiable. 

Thus the model-checking problem for a bounded PNS against an MSO sentence is decid-
able. In practice, the unsatisfiability of $\psi_{\mathcal{S}}$ is reduced to the emptiness problem of a finite 
automaton. It is of course more efficient not to include the sentence $\phi_{\mathcal{S}}$ and to compare the 
resulting automaton with the automaton that recognizes the representative words of com-
putation sequences of $\mathcal{S}$. Noteworthy, we could provide the PNS $\mathcal{S}$ with a subset of accepting 
states and check alternatively that all processes derived from an accepting computation 
sequence satisfy $\psi$. 


4.3 Comparisons to related works 


This result subsumes previous works in several respects. A cMSG is said to be safe if all 
paths from the initial state to some fixed state lead to the same marking. Consequently, 
any safe PNS is bounded. This constraint is interesting because checking whether a PNS 
is bounded and computing a bound is hard and requires exponential space [11]. Yet the 
technique presented in this section allows us to check effectively MSO properties of the 
processes derived from a bounded (non-safe) cMSG or more generally a bounded PNS. 
Since FIFO behaviours can be characterized by some MSO sentence, this result extends 
the main result from [26] which asserts that the model-checking problem for safe cMSGs is 
decidable (see also [13, Cor. 6.1]). As opposed to [13, 26], we do not assume FIFO behaviours 
and consequently we cannot make use of the notion of representative linearizations. The 
fact is that, as already mentioned, a computation sequence can correspond to several non-
isomorphic processes depending on the order in which identical particles are consumed. Therefore 
we need the notion of process coloring (Def. 4.1) to recover a process from a word. This 
is the main difference with the setting of MSCs because these are completely specified 
by any of their linearizations. Still, the FIFO restriction can be formalized in MSO logic 
and our technique applies also in this special case. Second, Petri nets and VASSs abstract 
away from the notions of sites and channels in the setting of MSCs: A place can describe 
the local state of a site, a communication channel, a shared variable, etc. In particular 
our approach applies to any bounded Petri net. To the best of our knowledge, the model 
checking problem of bounded Petri nets against MSO formulae under the process semantics 
has not been investigated so far in the literature. We show with an example below that 
the process semantics of Petri nets can be used to model and check systems with specific 
behavioural constraints, such as FIFO channels, causal communication, or private keys, as 
soon as these restrictions can be formalized by an MSO sentence. Note finally that it may 
be possible to encode a bounded Petri net as a safe cMSG. However this requires 
representing each reachable marking by a distinct control state, so the size of the resulting 
cMSG would be exponential in the size of the Petri net even for 1-safe Petri nets. 


5 Conclusion 


We introduce a natural partial order semantics for vector addition systems with states 
(and Petri nets with states) which extends the non-branching process semantics of Petri 
nets and follows the asynchronous approach of message sequence charts. We show how 
basic problems about the set of markings reached along concurrent executions, such as 
boundedness, covering and reachability, can be solved similarly to the analogous problems 
for Petri nets. We show also how to check effectively any MSO property of these partial 
orders provided that the system is bounded. This result generalizes results known for 
message sequence graphs and is new, even in the restricted case of Petri nets. 

However, vector addition systems with states are not always as easy to handle as Petri nets. 
We have observed that vector addition systems with states are more expressive than 
(pure) Petri nets under this process semantics. Moreover, the synthesis problem of Petri nets 
from prefix-bounded vector addition systems with states turns out to be undecidable. As 
a consequence, we have illustrated the gap between Petri nets and vector addition systems 
with states as follows: it is undecidable whether two prefix-bounded vector addition systems 
with states are semantically equivalent, contrary to Petri nets. 
Introduced as a formal model for the semantics of elementary Petri nets, Mazurkiewicz 
traces [27] are particular labeled partial orders that benefit from a rich and still 
growing theory [7]. In particular, we have made use of the undecidability of the universality 
problem for rational trace languages to establish all undecidability results presented in this 
paper. We have shown that Mazurkiewicz traces can be described as the processes of very 
particular prefix-bounded systems. However, Mazurkiewicz trace theory enjoys several nice 
positive results for particular rational languages. Most of these results have already been 
adapted to the setting of message sequence charts (see in particular [19]). Thus, this study 
leads us to investigate an extension of Mazurkiewicz trace theory to the whole setting of 
prefix-bounded Petri nets with states. Moreover, some classes of Petri nets with states for 
which realizability and prefix-realizability become decidable might arise from this study. 